diff options
| author | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:22:05 +0100 |
|---|---|---|
| committer | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:22:05 +0100 |
| commit | 0a31528663cafafc9382b602d7f9e08c1bf6bf84 (patch) | |
| tree | d223a075c7e19b4d2752beb4787edaa0d4585f02 /ChangeLog | |
| parent | 23421a86cc826dd30f3dc4f62057fafb04b3ac40 (diff) | |
Update changelog
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 10 |
1 files changed, 8 insertions, 2 deletions
@@ -3,9 +3,15 @@ git HEAD * Add --zoom fill as equivalent for --auto-zoom * Add --zoom max (zooming like in --bg-max) * --menu-style is now deprecated + +Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org> + +* Release v1.11.2 * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a - well-informed attacker to rewrite arbitrary user files. An attacker can - still use it to _create_ arbitrary files. + well-informed attacker to rewrite arbitrary user files with images. + The attacker needs to know feh's PID and the URL the user gave it. + It is still possible for an attacker to _create_ arbitrary files via the + same hole. Wed, 26 Jan 2011 21:07:19 +0100 Daniel Friesel <derf@finalrewind.org> |