addition to 2.12 release notes

author justdave%syndicomm.com <>

Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)

committer justdave%syndicomm.com <>

Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)
author justdave%syndicomm.com <>
Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)
committer justdave%syndicomm.com <>
Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)
diff --git a/docs/en/rel_notes.txt b/docs/en/rel_notes.txt

index 4def4caf37f11cf7085bd12598930936cb3c1c35..81807ef4f4ccccbed369d00810ed57c1950875a3 100644 (file)
--- a/docs/en/rel_notes.txt
+++ b/docs/en/rel_notes.txt
@@ -60,6 +60,10 @@ bugzilla.mozilla.org.
    middle.
    (bug 29820)
  
+- Some security holes have been fixed where shell escape characters
+  could be passed to Bugzilla, allowing remote users to execute
+  system commands on the web server.
+
  *** Other changes of note ***
  
  - Bug titles now appear in the page title, and will hence
author	justdave%syndicomm.com <>
	Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)
committer	justdave%syndicomm.com <>
	Fri, 4 Apr 2008 11:47:32 +0000 (11:47 +0000)