diff options
author | Florian Bruhin <me@the-compiler.org> | 2019-02-17 15:27:18 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-17 15:27:18 +0100 |
commit | e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4 (patch) | |
tree | 3250b0d9a2b15a2be6a3935d207ae8e79490a354 | |
parent | 267537d58ab30ac405acdc0e25fd9eefd91df413 (diff) | |
parent | 7f518d0ce6cefd48e26b872ed16ad0eb8eca1438 (diff) | |
download | qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.tar.gz qutebrowser-e9908c1d0b6a5eb49bc607e75d79b0f544afd1a4.zip |
Merge pull request #4528 from blueyed/doc
doc: link CVE [ci skip]
-rw-r--r-- | doc/changelog.asciidoc | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc index ac1a9f898..f484ee34c 100644 --- a/doc/changelog.asciidoc +++ b/doc/changelog.asciidoc @@ -383,11 +383,11 @@ v1.3.3 Security ~~~~~~~~ -- An XSS vulnerability on the `qute://history` page allowed websites to inject - HTML into the page via a crafted title tag. This could allow them to steal - your browsing history. If you're currently unable to upgrade, avoid using - `:history`. A CVE request for this issue is pending, see - https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates. +- CVE-2018-1000559: An XSS vulnerability on the `qute://history` page allowed + websites to inject HTML into the page via a crafted title tag. This could + allow them to steal your browsing history. If you're currently unable to + upgrade, avoid using `:history`. See the related GitHub issue for details: + https://github.com/qutebrowser/qutebrowser/issues/4011. Fixed ~~~~~ |