From 7f518d0ce6cefd48e26b872ed16ad0eb8eca1438 Mon Sep 17 00:00:00 2001
From: Daniel Hahler <git@thequod.de>
Date: Wed, 16 Jan 2019 02:49:30 +0100
Subject: [PATCH] doc: link CVE  [ci skip]

---
 doc/changelog.asciidoc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index 03d3e75b7..803374b50 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -362,11 +362,11 @@ v1.3.3
 Security
 ~~~~~~~~
 
-- An XSS vulnerability on the `qute://history` page allowed websites to inject
-  HTML into the page via a crafted title tag. This could allow them to steal
-  your browsing history. If you're currently unable to upgrade, avoid using
-  `:history`. A CVE request for this issue is pending, see
-  https://github.com/qutebrowser/qutebrowser/issues/4011[#4011] for updates.
+- CVE-2018-1000559: An XSS vulnerability on the `qute://history` page allowed
+  websites to inject HTML into the page via a crafted title tag. This could
+  allow them to steal your browsing history. If you're currently unable to
+  upgrade, avoid using `:history`. See the related GitHub issue for details:
+  https://github.com/qutebrowser/qutebrowser/issues/4011.
 
 Fixed
 ~~~~~