diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2018-12-28 16:39:31 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2018-12-28 16:39:31 +0000 |
commit | 7cb67225ec9149707b95231f3ec61f2fd9407243 (patch) | |
tree | 95ba8bcb25571f8ec24f2ea5fa8465c7f7995e53 | |
parent | Harmonizing patch filenames. (diff) | |
download | netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.tar.xz netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.zip |
Adding entries with CVE numbers to previous upstream version in debian changelog.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | debian/changelog | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index 69ff6447..3b9cc4a1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,7 +10,13 @@ netdata (1.11.0+dfsg-1~exp1) experimental; urgency=medium * Update watch file [ Daniel Baumann ] - * Merging upstream version 1.11.0+dfsg. + * Merging upstream version 1.11.0+dfsg: + - Fixed JSON Header Injection (an attacker could send \n encoded in the + request to inject a JSON fragment into the response) [CVE-2018-18836]. + - Fixed HTTP Header Injection (an attacker could send \n encoded in the + request to inject an HTTP header into the response) [CVE-2018-18837]. + - Fixed LOG Injection (an attacker could send \n encoded in the request + to inject a log line at access.log) [CVE-2018-18838]. * Updating excluded files in copyright file. * Updating upstream url in various debian packaging files. |