author Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-19 17:49:28 +0000
committer Daniel Baumann <daniel.baumann@progress-linux.org> 2023-02-19 17:49:28 +0000
commit 42fc9b171836aaef90b3607b4390f209e93370b9 (patch)
tree b41cae9c55cad0824f39b73c2ec9673c99d47848
parent Adding deluge-web initscript (Closes: #722719).
Adding note about CVE-2021-3427 to changelog for 2.1.1-1 upload.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- debian/changelog 7
1 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index a69c590..b8aa0b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,12 @@ deluge (2.1.1-2) experimental; urgency=medium
deluge (2.1.1-1) experimental; urgency=medium
* Uploading to experimental.
- * Merging upstream version 2.1.1 (Closes: #1026291).
+ * Merging upstream version 2.1.1 (Closes: #1026291):
+ - fixes XSS vulnerability through a crafted torrent file.
+ The the data from torrent files is not properly sanitised as it's
+ interpreted directly as HTML. Someone who supplies the user with a
+ malicious torrent file can execute arbitrary Javascript code in the
+ context of the user's browser session [CVE-2021-3427] (Closes: #1019594).
* Updating to standards version 4.6.2.
* Adding Rules-Required-Root field.
* Updating vcs fields.
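Review bot: The added line "The the data from torrent files is not properly sanitised" has a duplicated "The"; drop one, and consider "JavaScript" for "Javascript" two lines further down. The sentence would also read more clearly as "data from torrent files is interpreted directly as HTML without being sanitised". Separately, the hunk header shows a 2.1.1-2 entry already sitting above this one, so the new "(Closes: #1019594)" lands in an older changelog entry; confirm that the changes file for the upload still covers the 2.1.1-1 entry, otherwise the bug will need to be closed by hand.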