[Privoxy-commits] [privoxy] branch master updated: Add CVEs for security issues fixed in 3.0.32 stable

User Git git at git.privoxy.org
Sat Mar 6 09:04:07 UTC 2021 

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

The following commit(s) were added to refs/heads/master by this push:
     new 96c99ae6 Add CVEs for security issues fixed in 3.0.32 stable
96c99ae6 is described below

commit 96c99ae6fec833a33cf6265abb30165ca3355b3e
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Sat Mar 6 09:47:17 2021 +0100

    Add CVEs for security issues fixed in 3.0.32 stable
---
 ChangeLog | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 2c08cf92..4a02dc74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,25 +6,25 @@ ChangeLog for Privoxy
 - Security/Reliability:
   - ssplit(): Remove an assertion that could be triggered with a
     crafted CGI request.
-    Commit 2256d7b4d67. OVE-20210203-0001.
+    Commit 2256d7b4d67. OVE-20210203-0001. CVE-2021-20272.
     Reported by: Joshua Rogers (Opera)
   - cgi_send_banner(): Overrule invalid image types. Prevents a
     crash with a crafted CGI request if Privoxy is toggled off.
-    Commit e711c505c48. OVE-20210206-0001.
+    Commit e711c505c48. OVE-20210206-0001. CVE-2021-20273.
     Reported by: Joshua Rogers (Opera)
   - socks5_connect(): Don't try to send credentials when none are
     configured. Fixes a crash due to a NULL-pointer dereference
     when the socks server misbehaves.
-    Commit 85817cc55b9. OVE-20210207-0001.
+    Commit 85817cc55b9. OVE-20210207-0001. CVE-2021-20274.
     Reported by: Joshua Rogers (Opera)
   - chunked_body_is_complete(): Prevent an invalid read of size two.
-    Commit a912ba7bc9c. OVE-20210205-0001.
+    Commit a912ba7bc9c. OVE-20210205-0001. CVE-2021-20275.
     Reported by: Joshua Rogers (Opera)
   - Obsolete pcre: Prevent invalid memory accesses with an invalid
     pattern passed to pcre_compile(). Note that the obsolete pcre code
     is scheduled to be removed before the 3.0.33 release. There has been
     a warning since 2008 already.
-    Commit 28512e5b624. OVE-20210222-0001.
+    Commit 28512e5b624. OVE-20210222-0001. CVE-2021-20276.
     Reported by: Joshua Rogers (Opera)
 
 - Bug fixes:

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Privoxy-commits mailing list