From 4cc74f726942d8570811f1e78db9a93a252435bf Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 20 Jan 2009 16:28:33 +0000
Subject: Treat 'background' attributes the same way as 'src' (another XSS
 vulnerability)

---
 CHANGELOG | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'CHANGELOG')

diff --git a/CHANGELOG b/CHANGELOG
index f9ce6de9f..e8ce8272a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,10 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2009/01/20 (thomasb)
+----------
+- Fix XSS vulnerability through background attributes as reported by Julien Cayssol
+
 2009/01/18 (alec)
 ----------
 - Fix problems with backslash as IMAP hierarchy delimiter (#1484467)
-- 
cgit v1.2.3