diff options
author | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:14:54 +0100 |
---|---|---|
committer | Daniel Friesel <derf@finalrewind.org> | 2011-02-09 20:14:54 +0100 |
commit | 29ab0855f044ef2fe9c295b72abefcb37f0861a5 (patch) | |
tree | 9c0193cfba2df38f8fd452766e4da880bdb8bda5 /ChangeLog | |
parent | a16225248e8feca0020113c4e93a30600a35b8f0 (diff) |
Release v1.11.2 (unlikely issue, but a release never hurts)1.11.2
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -1,3 +1,12 @@ +Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org> + +* Release v1.11.2 + * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a + well-informed attacker to rewrite arbitrary user files with images. + The attacker needs to know feh's PID and the URL the user gave it. + It is still possible for an attacker to _create_ arbitrary files via the + same hole. + Wed, 26 Jan 2011 21:07:19 +0100 * Release v1.11.1 |