| author | Linus Färnstrand <linus@mullvad.net> | 2018-09-28 13:04:11 +0200 |
|---|---|---|
| committer | Linus Färnstrand <linus@mullvad.net> | 2018-09-28 13:04:11 +0200 |
| commit | adaa2ed86dc7b6f8d7b2ecd6c65944db2f49d66b (patch) | |
| tree | 38dddad9c03eb689b9d5a7aee3159c7bdbe4df0a | |
| parent | fa7ba1bfb597f974d5eb46bb2612e5051ac70a9c (diff) | |
Add CVE identifiers from audit to changes that fix them
| -rw-r--r-- | CHANGELOG.md | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 03264b787c..841327c837 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -42,6 +42,10 @@ Line wrap the file at 100 chars. Th - Redact IPv6 address that start or end with double colons in problem reports. - Improve tray icon response time by disabling the double click handling. +### Security +- Prevent Electron from executing/navigating to files being drag-and-dropped onto the app GUI. This + fixes [MUL-01-001](./audits/2018-09-24-assured-cure53.md#miscellaneous-issues) + ## [2018.3] - 2018-09-17 ### Changed @@ -53,7 +57,8 @@ Line wrap the file at 100 chars. Th #### Windows - Lock the installation directory to `C:\Program Files\Mullvad VPN`. This prevents potential local privilege escalation by ensuring all binaries executed by the `SYSTEM` user, as part of the - Mullvad system service, are stored where unprivileged users can't modify them. + Mullvad system service, are stored where unprivileged users can't modify them. This fixes + [MUL-01-004](./audits/2018-09-24-assured-cure53.md#identified-vulnerabilities). ## [2018.3-beta1] - 2018-09-13 |
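Review bot: In the first hunk (@@ -42,6 +42,10 @@) the reference added is the audit finding id MUL-01-001, not a CVE id, although the commit subject says "CVE identifiers"; reword the subject to say audit finding identifiers, or add the CVE numbers if any were assigned. The hunk also introduces a whole new "### Security" entry rather than annotating an existing one, so it is worth stating which commit contains the drag-and-drop fix. The link targets ./audits/2018-09-24-assured-cure53.md#miscellaneous-issues, and this commit touches only CHANGELOG.md, so confirm that the file and anchor exist in the tree and the link does not dangle.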
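Review bot: In the second hunk (@@ -53,7 +57,8 @@) the MUL-01-004 reference is appended to an entry under "#### Windows" in the already released [2018.3] section, while the first hunk files its audit fix under a dedicated "### Security" heading; consider using the same heading here so security-relevant changes sit in the same place in every release. The link points at the section anchor #identified-vulnerabilities rather than at the finding itself, so a reader has to search the report for MUL-01-004; a per-finding anchor would be more precise if the audit file provides one.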
