Loading ChangeLog +9 −0 Original line number Original line Diff line number Diff line Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org> * Release v1.11.2 * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a well-informed attacker to rewrite arbitrary user files with images. The attacker needs to know feh's PID and the URL the user gave it. It is still possible for an attacker to _create_ arbitrary files via the same hole. Wed, 26 Jan 2011 21:07:19 +0100 Wed, 26 Jan 2011 21:07:19 +0100 * Release v1.11.1 * Release v1.11.1 Loading Loading
ChangeLog +9 −0 Original line number Original line Diff line number Diff line Wed, 09 Feb 2011 20:11:26 +0100 Daniel Friesel <derf@finalrewind.org> * Release v1.11.2 * Use wget --no-clobber to prevent TOCTTOU-based hole allowing a well-informed attacker to rewrite arbitrary user files with images. The attacker needs to know feh's PID and the URL the user gave it. It is still possible for an attacker to _create_ arbitrary files via the same hole. Wed, 26 Jan 2011 21:07:19 +0100 Wed, 26 Jan 2011 21:07:19 +0100 * Release v1.11.1 * Release v1.11.1 Loading
