Adding entries with CVE numbers to previous upstream version in debian changelog.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2018-12-28 16:39:31 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2018-12-28 16:39:31 +0000
commit: 7cb67225ec9149707b95231f3ec61f2fd9407243 (patch)
tree: 95ba8bcb25571f8ec24f2ea5fa8465c7f7995e53
parent: Harmonizing patch filenames. (diff)
download: netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.tar.xz
netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 69ff6447..3b9cc4a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,7 +10,13 @@ netdata (1.11.0+dfsg-1~exp1) experimental; urgency=medium
   * Update watch file
 
   [ Daniel Baumann ]
-  * Merging upstream version 1.11.0+dfsg.
+  * Merging upstream version 1.11.0+dfsg:
+    - Fixed JSON Header Injection (an attacker could send \n encoded in the
+      request to inject a JSON fragment into the response) [CVE-2018-18836].
+    - Fixed HTTP Header Injection (an attacker could send \n encoded in the
+      request to inject an HTTP header into the response) [CVE-2018-18837].
+    - Fixed LOG Injection (an attacker could send \n encoded in the request
+      to inject a log line at access.log) [CVE-2018-18838].
   * Updating excluded files in copyright file.
   * Updating upstream url in various debian packaging files.
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2018-12-28 16:39:31 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2018-12-28 16:39:31 +0000
commit	7cb67225ec9149707b95231f3ec61f2fd9407243 (patch)
tree	95ba8bcb25571f8ec24f2ea5fa8465c7f7995e53
parent	Harmonizing patch filenames. (diff)
download	netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.tar.xz netdata-7cb67225ec9149707b95231f3ec61f2fd9407243.zip