author Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-19 17:49:28 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-19 20:17:27 +0000
commit 961811254385b3734900e262406cf8ba22c8850b (patch)
tree 312626804a5e8e1cecdd7c7135606eb5ab6d1f7d
parent Releasing debian version 2.1.1-2. (diff)
Adding note about CVE-2021-3427 to changelog for 2.1.1-1 upload.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- debian/changelog 7
1 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index a69c590..b8aa0b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,12 @@ deluge (2.1.1-2) experimental; urgency=medium
deluge (2.1.1-1) experimental; urgency=medium
* Uploading to experimental.
- * Merging upstream version 2.1.1 (Closes: #1026291).
+ * Merging upstream version 2.1.1 (Closes: #1026291):
+ - fixes XSS vulnerability through a crafted torrent file.
+ The the data from torrent files is not properly sanitised as it's
+ interpreted directly as HTML. Someone who supplies the user with a
+ malicious torrent file can execute arbitrary Javascript code in the
+ context of the user's browser session [CVE-2021-3427] (Closes: #1019594).
* Updating to standards version 4.6.2.
* Adding Rules-Required-Root field.
* Updating vcs fields.
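Review bot: the added line "The the data from torrent files is not properly sanitised" has a doubled "The", and "Javascript" two lines further down is normally spelled "JavaScript"; both are worth fixing since changelog text is what users and security trackers end up quoting. Separately, the hunk header shows this edit lands in the 2.1.1-1 entry while a 2.1.1-2 entry already sits above it, so the new "(Closes: #1019594)" may not be picked up by an upload whose changes cover only the newer entry. Please confirm that #1019594 is closed against the fixed version, by hand if needed. The entry would also help readers more if it said which part of deluge renders the torrent data as HTML.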