From ae56ce24b10767800b1715e7e68b41c7d3571b4c Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@derf.homelinux.org>
Date: Fri, 25 Jun 2010 13:18:05 +0200
Subject: Remove --wget-timestamp option (contained a remote code execution
 hole)

---
 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index ca1a182..3e21695 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -11,6 +11,10 @@ git HEAD
     * Saving the filelist from thumbnail mode caused undefined behaviour due
       to handling of uninitialised memory. Since I consider this a rarely
       useful action, the feature has been disabled for thumbnail mode.
+    * Remove -G/--wget-timestamp option. It was probably not working
+      correctly, plus it contained a remote code execution hole when used with
+      malicious URLs containing shell metacharacters (but only if those URLs
+      led to a valid file)
 
 Thu Jun 10 12:12:04 CEST 2010
 
-- 
cgit v1.2.3