From c88a94f1cc380c4e82dd0d1b18eb7411c7a0b892 Mon Sep 17 00:00:00 2001
From: Florian Bruhin <git@the-compiler.org>
Date: Thu, 21 Jun 2018 23:30:27 +0200
Subject: Update changelog

(cherry picked from commit 66fc3a30dd710712fa5b6d9dc2f6fa92689be021)
---
 doc/changelog.asciidoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index 3ea80be50..ba1162bb3 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -24,7 +24,8 @@ Security
 - An XSS vulnerability on the `qute://history` page allowed websites to inject
   HTML into the page via a crafted title tag. This could allow them to steal
   your browsing history. If you're currently unable to upgrade, avoid using
-  `:history`.
+  `:history`. A CVE request for this issue is pending, see
+  https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
 
 Fixed
 ~~~~~
-- 
cgit v1.2.3-54-g00ecf