add security fixes to changelog

author kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)

committer kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>

Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)
author kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)
committer kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)
diff --git a/ChangeLog b/ChangeLog

index 070071e40488329baa633f47328413b0c3f1d377..7da195a1b0573b659ae536282ca00074e1823137 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -163,6 +163,9 @@ Version 1.5.2 - CVS
      and mailto functionality [CVE-2006-6142].
    - Security: work around an issue in Internet Explorer that would guess
      the mime type of a file based on contents, not Content-Type header.
+  - Security: Multiple IE cross site scripting issues related to the
+    generous parsing of the words 'expression' and 'url' by IE.
+  - Security: Removing @import when sanitizing html mail.
  
  Version 1.5.1 (branched on 2006-02-12)
  --------------------------------------
author	kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)
committer	kink <kink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
	Mon, 4 Dec 2006 08:46:31 +0000 (08:46 +0000)