From 0a31528663cafafc9382b602d7f9e08c1bf6bf84 Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Wed, 9 Feb 2011 20:22:05 +0100
Subject: Update changelog

---
 ChangeLog | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 2d656ba..41742ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,9 +3,15 @@ git HEAD
     * Add --zoom fill as equivalent for --auto-zoom
     * Add --zoom max (zooming like in --bg-max)
     * --menu-style is now deprecated
+
+Wed, 09 Feb 2011 20:11:26 +0100  Daniel Friesel <derf@finalrewind.org>
+
+* Release v1.11.2
     * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a
-      well-informed attacker to rewrite arbitrary user files. An attacker can
-      still use it to _create_ arbitrary files.
+      well-informed attacker to rewrite arbitrary user files with images.
+      The attacker needs to know feh's PID and the URL the user gave it.
+      It is still possible for an attacker to _create_ arbitrary files via the
+      same hole.
 
 Wed, 26 Jan 2011 21:07:19 +0100  Daniel Friesel <derf@finalrewind.org>
 
-- 
cgit v1.2.3