# HG changeset patch
# User Mark Doliner <mark@kingant.net>
# Date 1252002053 0
# Node ID 62edf13f815ba65ad6755f0477a68d0ce97903db
# Parent  5a1d215211e2e955ba73e96ee72b4a8ef07d4457
Add the XMPP SSL/TLS bug to the ChangeLog

diff -r 5a1d215211e2 -r 62edf13f815b ChangeLog
--- a/ChangeLog	Thu Sep 03 16:17:12 2009 +0000
+++ b/ChangeLog	Thu Sep 03 18:20:53 2009 +0000
@@ -26,6 +26,9 @@
 	  room@conference.example.net is a MUC.
 	* Don't crash when receiving "smileyfied" XHTML-IM from clients that don't
 	  support bits of binary (ie. when getting an empty <data/> in return)
+	* Fix bug where SSL/TLS was not required even though the
+	  "require SSL/TLS" preference checked when connecting to servers
+	  that use the older iq-based authentication.  (CVE-2009-3026)
 
 	Yahoo!/Yahoo! JAPAN:
 	* Accounts now have "Use account proxy for SSL connections" option.  This