summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2018-12-28 16:39:31 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2018-12-28 16:39:31 +0000
commit7cb67225ec9149707b95231f3ec61f2fd9407243 (patch)
tree95ba8bcb25571f8ec24f2ea5fa8465c7f7995e53
parentHarmonizing patch filenames. (diff)
downloadnetdata-7cb67225ec9149707b95231f3ec61f2fd9407243.tar.xz
netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.zip
Adding entries with CVE numbers to previous upstream version in debian changelog.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog8
1 files changed, 7 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 69ff6447d..3b9cc4a1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,7 +10,13 @@ netdata (1.11.0+dfsg-1~exp1) experimental; urgency=medium
* Update watch file
[ Daniel Baumann ]
- * Merging upstream version 1.11.0+dfsg.
+ * Merging upstream version 1.11.0+dfsg:
+ - Fixed JSON Header Injection (an attacker could send \n encoded in the
+ request to inject a JSON fragment into the response) [CVE-2018-18836].
+ - Fixed HTTP Header Injection (an attacker could send \n encoded in the
+ request to inject an HTTP header into the response) [CVE-2018-18837].
+ - Fixed LOG Injection (an attacker could send \n encoded in the request
+ to inject a log line at access.log) [CVE-2018-18838].
* Updating excluded files in copyright file.
* Updating upstream url in various debian packaging files.