From 961811254385b3734900e262406cf8ba22c8850b Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 19 Feb 2023 18:49:28 +0100 Subject: Adding note about CVE-2021-3427 to changelog for 2.1.1-1 upload. Signed-off-by: Daniel Baumann --- debian/changelog | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index a69c590..b8aa0b3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,7 +11,12 @@ deluge (2.1.1-2) experimental; urgency=medium deluge (2.1.1-1) experimental; urgency=medium * Uploading to experimental. - * Merging upstream version 2.1.1 (Closes: #1026291). + * Merging upstream version 2.1.1 (Closes: #1026291): + - fixes XSS vulnerability through a crafted torrent file. + The the data from torrent files is not properly sanitised as it's + interpreted directly as HTML. Someone who supplies the user with a + malicious torrent file can execute arbitrary Javascript code in the + context of the user's browser session [CVE-2021-3427] (Closes: #1019594). * Updating to standards version 4.6.2. * Adding Rules-Required-Root field. * Updating vcs fields. -- cgit v1.2.3
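Review bot: The added description under "Merging upstream version 2.1.1" in the deluge (2.1.1-1) entry has a doubled word at the start of its second sentence ("The the data from torrent files"); it should read "The data from torrent files". The same sentence describes the flaw in the present tense ("is not properly sanitised as it's interpreted directly as HTML") although the line above says this version fixes it, so "was not properly sanitised as it was interpreted directly as HTML" would avoid implying that 2.1.1 is still affected. "Javascript" is normally spelled "JavaScript".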