diff options
author | Daniel Friesel <derf@derf.homelinux.org> | 2010-06-25 13:49:41 +0200 |
---|---|---|
committer | Daniel Friesel <derf@derf.homelinux.org> | 2010-06-25 13:49:41 +0200 |
commit | fe0230678fed3ffba9741724de62952c582ffe6b (patch) | |
tree | b0acc93936b1be05a1aba9b7d5569b622611c0ee /ChangeLog | |
parent | ef1e729311a1d8c3264830ef35be2aad1b7a8572 (diff) | |
download | feh-fe0230678fed3ffba9741724de62952c582ffe6b.zip |
ChangeLog: It's not _remote_ code execution
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -12,7 +12,7 @@ git HEAD to handling of uninitialised memory. Since I consider this a rarely useful action, the feature has been disabled for thumbnail mode. * Remove -G/--wget-timestamp option. It was probably not working - correctly, plus it contained a remote code execution hole when used with + correctly, plus it contained a code execution hole when used with malicious URLs containing shell metacharacters (but only if those URLs led to a valid file) * Don't add ?randomnumber to URLs, it confuses some servers and is |