From 703819335d06649082c58a74e839dfe2273783d4 Mon Sep 17 00:00:00 2001 From: "Ignacio R. Morelle" Date: Tue, 16 Jun 2015 23:17:00 -0300 Subject: [PATCH] Update changelogs for bug #23440 --- changelog | 2 +- players_changelog | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/changelog b/changelog index 3a2672e8ea64..18a796d9d5eb 100644 --- a/changelog +++ b/changelog @@ -2,6 +2,7 @@ Version 1.10.7+dev: * Security fixes: * Disallowed inclusion of .pbl files from WML (bug #23504), independent of file name case. + * Fixed arbitrary file read by WML/Lua API (CVE-2015-0844, bug #23440). * Add-ons client: * Fixed invalid file size data from the server crashing the client on the network transfer progress dialog (bug #20893). @@ -29,7 +30,6 @@ Version 1.10.7+dev: color codes as the start of a comment. * Fixed: Compilation with CLang 3.2 and libc++. * Fixed bug #20876: A segfault in cut_surface. - * Fix bug #22042: filesystem content disclosure issue affecting Lua APIs Version 1.10.7: * Add-ons server: diff --git a/players_changelog b/players_changelog index 4f16ce6dce1c..a625e00458c4 100644 --- a/players_changelog +++ b/players_changelog @@ -6,6 +6,7 @@ Version 1.10.7+dev: * Security fixes: * Disallowed inclusion of .pbl files from WML (bug #23504), independent of file name case. + * Fixed arbitrary file read by WML/Lua API (CVE-2015-0844, bug #23440). * Language and i18n: * Updated translations: British English, Chinese (Traditional), German,