[Privoxy-commits] [privoxy] 02/04: Update the announcement for Privoxy 4.2.0

User Git git at git.privoxy.org
Mon Jun 1 20:23:10 CEST 2026 

This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

commit a4c9fb53e009c8f281a57f629c2d1565d4214339
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Mon Jun 1 20:06:56 2026 +0200

    Update the announcement for Privoxy 4.2.0
    
    ... the reporter of the potential security issues responded
    yesterday so the previous wording was no longer true.
---
 doc/webserver/announce.txt | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/doc/webserver/announce.txt b/doc/webserver/announce.txt
index 9556e70c..cbf782ad 100644
--- a/doc/webserver/announce.txt
+++ b/doc/webserver/announce.txt
@@ -1,14 +1,10 @@
                Announcing Privoxy 4.2.0 stable
 --------------------------------------------------------------------
 
-Privoxy 4.2.0 fixes a couple of bugs including two reported security
-issues and brings a couple of general improvements including support
-for elliptic-curve keys.
+Privoxy 4.2.0 fixes a couple of bugs and brings general improvements
+such as support for elliptic-curve keys.
 
-Unfortunately the reporter of the alleged security issues did not
-answer questions about the report that was based on an unofficial git
-mirror which was apparently two years behind. CVEs have been requested
-but haven't been assigned in time for the release.
+Two potential security problems have been reported and addressed.
 
 The Privoxy project is currently underfunded and the income doesn't
 even cover the hosting expenses (~161 EUR/month). If you can afford
@@ -17,7 +13,7 @@ it, please consider making a donation (https://www.privoxy.org/donate).
 --------------------------------------------------------------------
 ChangeLog for Privoxy 4.2.0
 --------------------------------------------------------------------
-- Security fixes:
+- Security improvements:
   - Parse the chunk-size with a dedicated function and reject "unreasonably"
     large values to prevent silent truncation by sscanf(), integer overflows
     and misinterpretation of the content later on. Heap buffer overflows on

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the Privoxy-commits mailing list