author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-02-19 17:49:28 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-02-19 20:17:27 +0000 |
commit | 961811254385b3734900e262406cf8ba22c8850b (patch) | |
tree | 312626804a5e8e1cecdd7c7135606eb5ab6d1f7d | |
parent | Releasing debian version 2.1.1-2. (diff) | |
download | deluge-961811254385b3734900e262406cf8ba22c8850b.tar.xz deluge-961811254385b3734900e262406cf8ba22c8850b.zip |
Adding note about CVE-2021-3427 to changelog for 2.1.1-1 upload.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/changelog | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index a69c590..b8aa0b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,7 +11,12 @@ deluge (2.1.1-2) experimental; urgency=medium deluge (2.1.1-1) experimental; urgency=medium * Uploading to experimental. - * Merging upstream version 2.1.1 (Closes: #1026291). + * Merging upstream version 2.1.1 (Closes: #1026291): + - fixes XSS vulnerability through a crafted torrent file. + The the data from torrent files is not properly sanitised as it's + interpreted directly as HTML. Someone who supplies the user with a + malicious torrent file can execute arbitrary Javascript code in the + context of the user's browser session [CVE-2021-3427] (Closes: #1019594). * Updating to standards version 4.6.2. * Adding Rules-Required-Root field. * Updating vcs fields. |
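Review bot: The first sentence of the added description starts with a doubled word, "The the data from torrent files is not properly sanitised"; drop one "The", and spell "Javascript" as "JavaScript" in the following sentence while you are there. The new text also sits in the 2.1.1-1 stanza while the 2.1.1-2 stanza is already above it, so if "(Closes: #1019594)" is meant to close the bug through an upload, confirm that the older stanza is included in the generated changes file (for example by building with -v), or close the bug by hand with the fixed version. It would also help to name the affected component in the entry, since "interpreted directly as HTML" does not say where the torrent data is rendered.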