Remove --wget-timestamp option (contained a remote code execution hole)

author: Daniel Friesel <derf@derf.homelinux.org> 2010-06-25 13:18:05 +0200
committer: Daniel Friesel <derf@derf.homelinux.org> 2010-06-25 13:18:05 +0200
commit: ae56ce24b10767800b1715e7e68b41c7d3571b4c (patch)
tree: 3dd0fe8cb8d7a61e39f1ec7098420842a20fe411 /ChangeLog
parent: 31ea3cb8e0f62bfc7f502c1f8250d73bbccc208d (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ca1a182..3e21695 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@ git HEAD
     * Saving the filelist from thumbnail mode caused undefined behaviour due
       to handling of uninitialised memory. Since I consider this a rarely
       useful action, the feature has been disabled for thumbnail mode.
+    * Remove -G/--wget-timestamp option. It was probably not working
+      correctly, plus it contained a remote code execution hole when used with
+      malicious URLs containing shell metacharacters (but only if those URLs
+      led to a valid file)
 
 Thu Jun 10 12:12:04 CEST 2010
author	Daniel Friesel <derf@derf.homelinux.org>	2010-06-25 13:18:05 +0200
committer	Daniel Friesel <derf@derf.homelinux.org>	2010-06-25 13:18:05 +0200
commit	ae56ce24b10767800b1715e7e68b41c7d3571b4c (patch)
tree	3dd0fe8cb8d7a61e39f1ec7098420842a20fe411 /ChangeLog
parent	31ea3cb8e0f62bfc7f502c1f8250d73bbccc208d (diff)