patches: Added CVE-2013-2131.

[pkg-rrdtool.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 555fd8c9e56a8c4066b8fe5f86f33dd5652ffd0d..3488ead425663b68d0574033e40957e080930831 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,11 @@
-rrdtool (1.4.8-1) UNRELEASED; urgency=low
+rrdtool (1.4.8-1) UNRELEASED; urgency=medium
 
   * Fixed changelog of 1.4.7-2 regarding the versioned build-dep on tcl-dev.
   * Merged 1.4.7-2.1 NMU; thanks to Christian Hofstaedtler (Closes: 736333).
+  * debian/patches:
+    - Added CVE-2013-2131; upstream patch fixing a format string vulnerability
+      in rrdgraph; thanks to Henri Salo for reporting this (Closes: #708866).
+      Raised urgency to medium for this.
 
  -- Sebastian Harl <tokkee@debian.org>  Sat, 18 Aug 2012 15:53:54 +0200