projects / mirror / userdir-ldap-cgi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Various fixes for XSS and bad crypto. No claim to completeness.
[mirror/userdir-ldap-cgi.git] / debian / changelog
diff --git a/debian/changelog b/debian/changelog
index 6b2f8fc..fa915a1 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,20 @@
-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
 
   [ Peter Palfrader ]
   * Fix changelog entries.  The previos "UNRELEASED" version
     was actually released.
   * Use new CA root cert in Util.pm.
+  * Fix a XSS reported in
+    https://trac.torproject.org/projects/tor/ticket/14037
+  * Fix horrible use of crypto primitives.
+  * Add HMAC authentication to authtoken.
+  * Verify that the uid passed as a get parameters matches the
+    one stored in authtoken.
 
   [ Hector Oron ]
   * machines.cgi: add description field, more informative.
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 21 Dec 2014 10:13:44 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:30:18 +0100
 
 userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low
 
Mirror of Debian's userdir-ldap-cgi repository