Hello community, here is the log from the commit of package privoxy for openSUSE:Factory checked in at 2016-01-28 17:22:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/privoxy (Old) and /work/SRC/openSUSE:Factory/.privoxy.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "privoxy" Changes: -------- --- /work/SRC/openSUSE:Factory/privoxy/privoxy.changes 2015-01-29 09:58:35.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.privoxy.new/privoxy.changes 2016-01-28 17:22:45.000000000 +0100 @@ -1,0 +2,15 @@ +Sat Jan 23 19:46:10 UTC 2016 - astieger@suse.com + +- Privoxy 3.0.24 + Includes fixes for two security issues that may be used to + remotely trigger crashes on platforms that carefully check memory + accesses. + * Security fixes (denial of service): + + Prevent invalid reads in case of corrupt chunk-encoded + content. CVE-2016-1982 [boo#963151] + + Remove empty Host headers in client requests. Previously + they would result in invalid reads. CVE-2016-1983 [boo#963152] + * General bug fixes and improvements + * White and blacklist updates + +------------------------------------------------------------------- Old: ---- privoxy-3.0.23-stable-src.tar.gz New: ---- privoxy-3.0.24-stable-src.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ privoxy.spec ++++++ --- /var/tmp/diff_new_pack.2Rk6P8/_old 2016-01-28 17:22:46.000000000 +0100 +++ /var/tmp/diff_new_pack.2Rk6P8/_new 2016-01-28 17:22:46.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package privoxy # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,7 @@ %endif %endif Name: privoxy -Version: 3.0.23 +Version: 3.0.24 Release: 0 Summary: The Internet Junkbuster - HTTP Proxy Server License: GPL-2.0+ @@ -227,7 +227,7 @@ %{_sysconfdir}/NetworkManager/dispatcher.d/privoxyd %dir %{_sysconfdir}/NetworkManager %dir %{_sysconfdir}/NetworkManager/dispatcher.d -%doc %{_mandir}/man1/privoxy.1.gz +%{_mandir}/man1/privoxy.1.gz %config(noreplace) %{_sysconfdir}/logrotate.d/privoxy %dir /%{chroot}/etc %config(noreplace) /%{chroot}%{_sysconfdir}/config ++++++ privoxy-3.0.23-stable-src.tar.gz -> privoxy-3.0.24-stable-src.tar.gz ++++++ ++++ 4407 lines of diff (skipped)