From 40212452afadd6ee947030e11f8c0ce77ecd47b1 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 01 Dec 2015 03:24:28 -0500
Subject: [PATCH] Add some CVE identifiers

---
 CHANGELOG |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index bd42a55..6ad1f62 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -81,7 +81,7 @@
 - Fix "washing" of style elements wrapped into many lines
 - Fix so input field (e.g. search box) does not loose focus on list load (#1490455)
 - Fix so css of one html part does not apply to other text parts on message display (#1490505)
-- Fix XSS issue in drag-n-drop file uploads (#1490530)
+- Fix XSS issue in drag-n-drop file uploads [CVE-2015-8105] (#1490530)
 - Fix handling of plus character in mailto: links (#1490510)
 - Fix so adding CC/BCC recipients from the sidebar unhides compose form fields in Classic skin (#1490472)
 - Fix so gc.sh script removes also expired sessions from sql database (#1490512)
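Review bot: the `[CVE-2015-8105]` tag on the drag-n-drop XSS line is added with no pointer to where the assignment comes from, and the commit message has no body. Please cite the advisory or CVE record in the commit message so the mapping from ticket #1490530 to this identifier can be checked by someone reading the history later. The same applies to the other two identifiers in this patch.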
@@ -167,7 +167,7 @@
 - Fix bug where max_group_members was ignored when adding a new contact (#1490214)
 - Hide MDN and DSN options in compose if disabled by admin (#1490221)
 - Fix checks based on window.ActiveXObject in IE > 10
-- Fix XSS issue in style attribute handling (#1490227)
+- Fix XSS issue in style attribute handling [CVE-2015-1433] (#1490227)
 - Fix bug where Drafts list wasn't updated on draft-save action in new window (#1490225)
 - Fix so "set as default" option is hidden if identities_level > 1 (#1490226)
 - Fix bug where search was reset after returning from compose visited for reply
@@ -195,7 +195,7 @@
 - Fix drag-n-drop to folders expanded while dragging (#1490157)
 - Fix import of multiple contact groups from Google-csv format (#1490159)
 - Fix import of contacts with multiple email addresses from Google-csv format (#1490178)
-- Fix bugs where CSRF attacks were still possible on some requests
+- Fix bugs where CSRF attacks were still possible on some requests [CVE-2014-9587]
 - Fix some rcube_utils::anytodatetime() corner cases with timezone mismatches (#1490163)
 - Improve move-to and contact-export button in classic skin (#1490166)
 - Fix wrong icon for download button in classic skin
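Review bot: the CSRF line now carries `[CVE-2014-9587]` but, unlike the two XSS entries, it still has no ticket reference and only says "some requests". Anyone triaging from the CHANGELOG cannot tell which requests were affected or which commits fixed them. Consider adding the ticket number or commit reference if one exists, or naming the affected actions, so the entry is as traceable as the others.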

--
Gitblit v1.9.1