summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
1 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 98cee36..6359db8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org>
+
+* Release v1.11.2
+ * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a
+ well-informed attacker to rewrite arbitrary user files with images.
+ The attacker needs to know feh's PID and the URL the user gave it.
+ It is still possible for an attacker to _create_ arbitrary files via the
+ same hole.
+
Wed, 26 Jan 2011 21:07:19 +0100
* Release v1.11.1