summaryrefslogtreecommitdiff
path: root/ChangeLog
diff options
context:
space:
mode:
authorDaniel Friesel <derf@derf.homelinux.org>2010-06-25 13:18:05 +0200
committerDaniel Friesel <derf@derf.homelinux.org>2010-06-25 13:18:05 +0200
commitae56ce24b10767800b1715e7e68b41c7d3571b4c (patch)
tree3dd0fe8cb8d7a61e39f1ec7098420842a20fe411 /ChangeLog
parent31ea3cb8e0f62bfc7f502c1f8250d73bbccc208d (diff)
Remove --wget-timestamp option (contained a remote code execution hole)
Diffstat (limited to 'ChangeLog')
-rw-r--r--ChangeLog4
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ca1a182..3e21695 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@ git HEAD
* Saving the filelist from thumbnail mode caused undefined behaviour due
to handling of uninitialised memory. Since I consider this a rarely
useful action, the feature has been disabled for thumbnail mode.
+ * Remove -G/--wget-timestamp option. It was probably not working
+ correctly, plus it contained a remote code execution hole when used with
+ malicious URLs containing shell metacharacters (but only if those URLs
+ led to a valid file)
Thu Jun 10 12:12:04 CEST 2010