X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=ChangeLog;h=7da195a1b0573b659ae536282ca00074e1823137;hp=070071e40488329baa633f47328413b0c3f1d377;hb=f0cb1f93318e64f8205425923b6597a7a8e876b8;hpb=88de4926347fce9a3007692cfb220fedeff3a141

diff --git a/ChangeLog b/ChangeLog
index 070071e4..7da195a1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -163,6 +163,9 @@ Version 1.5.2 - CVS
     and mailto functionality [CVE-2006-6142].
   - Security: work around an issue in Internet Explorer that would guess
     the mime type of a file based on contents, not Content-Type header.
+  - Security: Multiple IE cross site scripting issues related to the
+    generous parsing of the words 'expression' and 'url' by IE.
+  - Security: Removing @import when sanitizing html mail.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------