From fc2beb8c6aa4d423b55ba95809941f2eba6fea2a Mon Sep 17 00:00:00 2001
From: nodiscc <nodiscc@gmail.com>
Date: Mon, 23 Oct 2017 01:06:11 +0200
Subject: [PATCH] Changelog: link to CVE-2017-15215, give attribution

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 120c5d2..33feac2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -40,7 +40,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 
 ### Security
 
-- Vulnerability introduced in v0.9.1 fixed.
+- Fixed reflected XSS vulnerability introduced in v0.9.1, discovered by @chb9 ([CVE-2017-15215](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215)).
 
 ## [v0.9.1](https://github.com/shaarli/Shaarli/releases/tag/v0.9.1) - 2017-08-23