document the changes to backport the fix to #862667

author Don Armstrong <don@donarmstrong.com>

Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)

committer Don Armstrong <don@donarmstrong.com>

Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)
author Don Armstrong <don@donarmstrong.com>
Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)
committer Don Armstrong <don@donarmstrong.com>
Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)
diff --git a/debian/changelog b/debian/changelog

index deeb54a53294e0e825526c4d95ebe4fb0aebf75d..7c678eaf9c2855338a5262eef1a4189817f922ec 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,11 +1,9 @@
-perltidy (20160302-1) unstable; urgency=medium
+perltidy (20140328-2) unstable; urgency=high
  
-  * New upstream release
-  * Die if an existing perltidy.ERR cannot be removed to block overwriting
-    of arbitrary files by a symlink attack. (closes: #862667) Thanks to
-    Jakub Wilk for identifying this issue.
+  * Backport fix for CVE-2016-10374 which fixes insecure file deletion of
+    perltidy.ERR and perltidy.LOG files (closes: #862667)
  
- --
+ -- Don Armstrong <don@debian.org>  Sun, 21 May 2017 12:41:30 -0700
  
  perltidy (20140328-1) unstable; urgency=medium
author	Don Armstrong <don@donarmstrong.com>
	Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)
committer	Don Armstrong <don@donarmstrong.com>
	Sun, 21 May 2017 19:41:50 +0000 (12:41 -0700)