From 1aa52e3164cfb2b1e494b106504d09ec2da8b247 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 29 Apr 2022 07:06:33 +0200
Subject: [PATCH] add CVE numbers

---
 CHANGELOG | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index f6fb02f0f..dc2f939d8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,8 +13,8 @@
 - various improvements for workflows
 - output splash message when removing, editing, adding a category or keyword
 - extensions cannot be disabled/enabled if configuration file is not writeable
-- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php
-- fix possible DoS in op/op.RemoveLog.php
+- prevent cross site scripting in views/bootstrap/class.DefaultKeywords.php (CVE-2022-28051)
+- fix possible DoS in op/op.RemoveLog.php (CVE-2022-28478)
 - show only calendar events of logged in user
 - show expired documents in calendar
 - call new hook 'cleanUpDocument' after uploading or updating a document