-rw-r--r-- debian/changelog 7
1 files changed, 6 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index a69c590..b8aa0b3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,12 @@ deluge (2.1.1-2) experimental; urgency=medium
deluge (2.1.1-1) experimental; urgency=medium
* Uploading to experimental.
- * Merging upstream version 2.1.1 (Closes: #1026291).
+ * Merging upstream version 2.1.1 (Closes: #1026291):
+ - fixes XSS vulnerability through a crafted torrent file.
+ The the data from torrent files is not properly sanitised as it's
+ interpreted directly as HTML. Someone who supplies the user with a
+ malicious torrent file can execute arbitrary Javascript code in the
+ context of the user's browser session [CVE-2021-3427] (Closes: #1019594).
* Updating to standards version 4.6.2.
* Adding Rules-Required-Root field.
* Updating vcs fields.
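Review bot: The new "(Closes: #1019594)" is added to the 2.1.1-1 entry, which sits below the 2.1.1-2 entry named in the hunk header, so if 2.1.1-1 has already been uploaded the bug will not be closed automatically by the next upload unless the changes file is generated with -v covering that version; consider closing it from the newest entry or closing it by hand with a version marker. In the added description, "The the data" has a doubled word and "Javascript" should be "JavaScript"; something like "Data from torrent files is not sanitised before being interpreted as HTML" would also read more clearly. Since this is the line that ties CVE-2021-3427 to a fixed version, it is worth stating the affected component if it is known, so that readers of the changelog can tell whether their setup is exposed.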