add another applicable cve ID to the changelog,

[squirrelmail.git] / ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 015fcf1d0d5751dd84da449681d24aae24db89fc..594c89b9d80dc65780ae00709eec9cdece2b17e6 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -199,7 +199,7 @@ Version 1.5.2 - SVN
     HTML attachments containing 'data:' URLs, Internet Explorer-specifc
     charset conversion exploits, and request forgery through included
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
-    for reporting these issues. [CVE-2007-1262]
+    for reporting these issues. [CVE-2007-1262, CVE-2007-2589]
   - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
   - Resolved issue with compose session not being updated after send/save.
   - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
@@ -207,6 +207,7 @@ Version 1.5.2 - SVN
   - Fix test for signout.php in the logged in check in init.php so it
     cannot be circumvented by manipulating the URL. External plugins might
     rely on init.php guaranteeing that the user is logged in.
+  - Sort readdir() output in conf.pl (#1755886).
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------