projects / invirt/packages/invirt-web.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fix pts mem vulnerability, with new -encrypt option
[invirt/packages/invirt-web.git] / debian / changelog
diff --git a/debian/changelog b/debian/changelog
index 55a5caa..f7ad007 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,12 @@
 invirt-web (0.0.16) unstable; urgency=low
 
+  * Fix a security vulnerability: traditional `pts mem` is in cleartext
+    and could be spoofed.  Use new -encrypt option, which needs tokens.
+
   * make initscript stop command not leave apache2 processes lying around
     (so that restart works)
 
- -- Greg Price <price@mit.edu>  Fri, 19 Dec 2008 22:34:31 -0500
+ -- Greg Price <price@mit.edu>  Tue, 30 Dec 2008 17:31:48 -0500
 
 invirt-web (0.0.15) unstable; urgency=low
 
Unnamed repository; edit this file 'description' to name the repository.