From 4411d593935f5e2cfceea8bda2bc092e77a095f81f02da362682677f84e35a16 Mon Sep 17 00:00:00 2001
From: Stefan Dirsch <sndirsch@suse.com>
Date: Wed, 30 Sep 2020 01:43:13 +0000
Subject: [PATCH] Accepting request 838610 from
 home:AndreasStieger:branches:X11:XOrg

add CVE-2020-26117 to changelog

OBS-URL: https://build.opensuse.org/request/show/838610
OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/tigervnc?expand=0&rev=191
---
 tigervnc.changes | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/tigervnc.changes b/tigervnc.changes
index 5dfcd52..775054a 100644
--- a/tigervnc.changes
+++ b/tigervnc.changes
@@ -1,9 +1,12 @@
 -------------------------------------------------------------------
 Fri Sep 25 10:38:58 UTC 2020 - Stefan Dirsch <sndirsch@suse.com>
 
-- U_0001-Properly-store-certificate-exceptions.patch,
+- CVE-2020-26117: Server certificates were stored as certiticate
+  authoritied, allowing malicious owners of these certificates
+  to impersonate any server after a client had added an exception
+  (boo#1176733)
+  U_0001-Properly-store-certificate-exceptions.patch,
   U_0002-Properly-store-certificate-exceptions-in-Java-viewer.patch
-  * Properly store certificate exceptions (boo#1176733)
 - adjusted u_tigervnc-add-autoaccept-parameter.patch
 
 -------------------------------------------------------------------