Merge pull request #4528 from blueyed/doc

doc: link CVE [ci skip]
author: Florian Bruhin <me@the-compiler.org> 2019-02-17 15:27:18 +0100
committer: GitHub <noreply@github.com> 2019-02-17 15:27:18 +0100
commit: e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4 (patch)
tree: 3250b0d9a2b15a2be6a3935d207ae8e79490a354
parent: 267537d58ab30ac405acdc0e25fd9eefd91df413 (diff)
parent: 7f518d0ce6cefd48e26b872ed16ad0eb8eca1438 (diff)
download: qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.tar.gz
qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index ac1a9f898..f484ee34c 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -383,11 +383,11 @@ v1.3.3
 Security
 ~~~~~~~~
 
-- An XSS vulnerability on the `qute://history` page allowed websites to inject
-  HTML into the page via a crafted title tag. This could allow them to steal
-  your browsing history. If you're currently unable to upgrade, avoid using
-  `:history`. A CVE request for this issue is pending, see
-  https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
+- CVE-2018-1000559: An XSS vulnerability on the `qute://history` page allowed
+  websites to inject HTML into the page via a crafted title tag. This could
+  allow them to steal your browsing history. If you're currently unable to
+  upgrade, avoid using `:history`. See the related GitHub issue for details:
+  https://github.com/qutebrowser/qutebrowser/issues/4011.
 
 Fixed
 ~~~~~
author	Florian Bruhin <me@the-compiler.org>	2019-02-17 15:27:18 +0100
committer	GitHub <noreply@github.com>	2019-02-17 15:27:18 +0100
commit	e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4 (patch)
tree	3250b0d9a2b15a2be6a3935d207ae8e79490a354
parent	267537d58ab30ac405acdc0e25fd9eefd91df413 (diff)
parent	7f518d0ce6cefd48e26b872ed16ad0eb8eca1438 (diff)
download	qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.tar.gz qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.zip