X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap-cgi.git;a=blobdiff_plain;f=debian%2Fchangelog;h=fa915a1cdb81db562fa36553728d93818951af81;hp=6b2f8fc5f4e3a6b087268f5f528292593b8f7ead;hb=b33011c65aeb65e4b06b127077d6a225f764d042;hpb=b0f8e57cce2bf0ab7a693ffac1ab1cc62f59b13c

diff --git a/debian/changelog b/debian/changelog
index 6b2f8fc..fa915a1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,20 @@
-userdir-ldap-cgi (0.3.39) UNRELEASED; urgency=medium
+userdir-ldap-cgi (0.3.39) unstable; urgency=medium
 
   [ Peter Palfrader ]
   * Fix changelog entries.  The previos "UNRELEASED" version
     was actually released.
   * Use new CA root cert in Util.pm.
+  * Fix a XSS reported in
+    https://trac.torproject.org/projects/tor/ticket/14037
+  * Fix horrible use of crypto primitives.
+  * Add HMAC authentication to authtoken.
+  * Verify that the uid passed as a get parameters matches the
+    one stored in authtoken.
 
   [ Hector Oron ]
   * machines.cgi: add description field, more informative.
 
- -- Peter Palfrader <weasel@debian.org>  Sun, 21 Dec 2014 10:13:44 +0100
+ -- Peter Palfrader <weasel@debian.org>  Sat, 03 Jan 2015 13:30:18 +0100
 
 userdir-ldap-cgi (0.3.38~20130906+1+nmu1) UNRELEASED; urgency=low