X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=debian%2Fchangelog;h=fa915a1cdb81db562fa36553728d93818951af81;hb=b33011c65aeb65e4b06b127077d6a225f764d042;hp=c7baadc837f1dc869b87af9c74995c94d1172017;hpb=97a522c385baa43be7889b62d8e07ce9cfa2dc31;p=mirror%2Fuserdir-ldap-cgi.git

diff --git a/debian/changelog b/debian/changelog
index c7baadc..fa915a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,20 @@
-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
 
   [ Peter Palfrader ]
   * Fix changelog entries.  The previos "UNRELEASED" version
     was actually released.
+  * Use new CA root cert in Util.pm.
+  * Fix a XSS reported in
+    https://trac.torproject.org/projects/tor/ticket/14037
+  * Fix horrible use of crypto primitives.
+  * Add HMAC authentication to authtoken.
+  * Verify that the uid passed as a get parameters matches the
+    one stored in authtoken.
 
   [ Hector Oron ]
   * machines.cgi: add description field, more informative.
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 21 Dec 2014 10:12:41 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:30:18 +0100
 
 userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low