Add reference to CVE-2018-1000201 [ci skip]

author: Lars Kanis <lars@greiz-reinsdorf.de> 2018-06-24 13:28:35 +0200
committer: GitHub <noreply@github.com> 2018-06-24 13:28:35 +0200
commit: 559141dcd61c11270719c2deff3ca56c7a111f72 (patch)
tree: 007891ce35acc5de589853f2c7d8ec914e3e9d76 /CHANGELOG.md
parent: aa1b844f9c91538802780f35ac27119d4e877052 (diff)
download: ffi-559141dcd61c11270719c2deff3ca56c7a111f72.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1fabe5a..f974639 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,10 @@ Changed:
 1.9.24 / 2018-06-02
 -------------------
 
+Security Note:
+
+This update addresses vulnerability CVE-2018-1000201: DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String. Found by Matthew Bush.
+
 Added:
 * Added a CHANGELOG file
 * Add mips64(eb) support, and mips r6 support. (#601)
author	Lars Kanis <lars@greiz-reinsdorf.de>	2018-06-24 13:28:35 +0200
committer	GitHub <noreply@github.com>	2018-06-24 13:28:35 +0200
commit	559141dcd61c11270719c2deff3ca56c7a111f72 (patch)
tree	007891ce35acc5de589853f2c7d8ec914e3e9d76 /CHANGELOG.md
parent	aa1b844f9c91538802780f35ac27119d4e877052 (diff)
download	ffi-559141dcd61c11270719c2deff3ca56c7a111f72.tar.gz