Add CVE ID to ChangeLog

author: Frederic Guillot <fred@kanboard.net> 2017-08-16 20:46:47 -0700
committer: Frederic Guillot <fred@kanboard.net> 2017-08-16 20:46:47 -0700
commit: 066c9bf6e14cf2e6ec57d4bc7354aee38a08a944 (patch)
tree: cb689db89e363dc2ad2df1a72bbd0f9134f13107 /ChangeLog
parent: daccedbdab2709faca6faf8fcc3388f1f9eab07b (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index c889556b..485814e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,7 +4,8 @@ Version 1.0.46 (August 13, 2017)
 Security Issues:
 
 * Fix two privilege escalation issues: a standard user could reset the password 
-of another user by altering form data.
+of another user (including admin) by altering form data.
+(CVE-2017-12850 and CVE-2017-12851, discovered by "chbi").
 
 Improvements:
author	Frederic Guillot <fred@kanboard.net>	2017-08-16 20:46:47 -0700
committer	Frederic Guillot <fred@kanboard.net>	2017-08-16 20:46:47 -0700
commit	066c9bf6e14cf2e6ec57d4bc7354aee38a08a944 (patch)
tree	cb689db89e363dc2ad2df1a72bbd0f9134f13107 /ChangeLog
parent	daccedbdab2709faca6faf8fcc3388f1f9eab07b (diff)