From 0a31528663cafafc9382b602d7f9e08c1bf6bf84 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Wed, 9 Feb 2011 20:22:05 +0100 Subject: Update changelog --- ChangeLog | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'ChangeLog') diff --git a/ChangeLog b/ChangeLog index 2d656ba..41742ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,15 @@ git HEAD * Add --zoom fill as equivalent for --auto-zoom * Add --zoom max (zooming like in --bg-max) * --menu-style is now deprecated + +Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel + +* Release v1.11.2 * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a - well-informed attacker to rewrite arbitrary user files. An attacker can - still use it to _create_ arbitrary files. + well-informed attacker to rewrite arbitrary user files with images. + The attacker needs to know feh's PID and the URL the user gave it. + It is still possible for an attacker to _create_ arbitrary files via the + same hole. Wed, 26 Jan 2011 21:07:19 +0100 Daniel Friesel -- cgit v1.2.3