Change logs for privoxy source package in Vivid

privoxy (3.0.21-7+deb8u1build0.15.04.1) vivid-security; urgency=medium

  * fake sync from Debian

privoxy (3.0.21-7+deb8u1) jessie-security; urgency=high

  * 40_CVE-2016-1982: Prevent invalid reads in case of corrupt
    chunk-encoded content.
  * 41_CVE-2016-1983: Remove empty Host headers in client requests.
    Previously they would result in invalid reads.

 -- Tyler Hicks <email address hidden>  Mon, 01 Feb 2016 11:00:36 -0600

privoxy (3.0.21-7) unstable; urgency=medium


  * 37_CVE-2015-1380: denial of service.
  * 38_CVE-2015-1381: multiple segmentation faults and memory leaks in the
    pcrs code.
  * 39_CVE-2015-1382: invalid read.
  * These 3 patches Closes: #776490.

 -- Roland Rosenfeld <email address hidden>  Wed, 28 Jan 2015 19:46:42 +0100

privoxy (3.0.21-5) unstable; urgency=low


  * 34_CVE-2015-1030: Fix memory leak in rfc2553_connect_to().  CID 66382
  * 35_CVE-2015-1031-CID66394: unmap(): Prevent use-after-free if the map 
    only consists of one item.  CID 66394.
  * 36_CVE-2015-1031-CID66376: pcrs_execute(): Consistently set *result to
    NULL in case of errors.  Should make use-after-free in the caller less
    likely.  CID 66391, CID 66376.
  * These 3 patches Closes: #775167.
  
 -- Roland Rosenfeld <email address hidden>  Mon, 12 Jan 2015 08:44:23 +0100

privoxy (3.0.21-4) unstable; urgency=low


  * Enable hardening=+all
  * Hardcode PIDFile in privoxy.service, since this isn't allowed as
    variable (Closes: #746262).

 -- Roland Rosenfeld <email address hidden>  Sat, 10 May 2014 14:19:03 +0200