-rw-r--r-- debian/changelog 8
1 files changed, 7 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog
index 69ff6447d..3b9cc4a1d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,7 +10,13 @@ netdata (1.11.0+dfsg-1~exp1) experimental; urgency=medium
* Update watch file
[ Daniel Baumann ]
- * Merging upstream version 1.11.0+dfsg.
+ * Merging upstream version 1.11.0+dfsg:
+ - Fixed JSON Header Injection (an attacker could send \n encoded in the
+ request to inject a JSON fragment into the response) [CVE-2018-18836].
+ - Fixed HTTP Header Injection (an attacker could send \n encoded in the
+ request to inject an HTTP header into the response) [CVE-2018-18837].
+ - Fixed LOG Injection (an attacker could send \n encoded in the request
+ to inject a log line at access.log) [CVE-2018-18838].
* Updating excluded files in copyright file.
* Updating upstream url in various debian packaging files.
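
Review bot: The three added sub-items under "Merging upstream version 1.11.0+dfsg:" describe the triggering input only as "\n encoded in the request", which does not say which encoding is meant or which part of the request carries it. Stating that in each item would let a reader of the changelog judge exposure without opening the upstream fix. In the last sub-item, "inject a log line at access.log" would read better as "inject a log line into access.log".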