changelog: add link to the vulnerability advisory for the 2.7.2 entry

Change-Id: I09a334aec6ece1d13a7d4048030f6d716f7354de Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/140780 Reviewed-by: Michael Thomsen <mit@google.com>
2024-10-02 23:59:16 +00:00 · 2020-03-24 17:05:55 +00:00 · 2020-03-24 17:05:55 +00:00 · 29f47fdccb
parent 2d0fed35bb
commit 29f47fdccb
1 changed files with 5 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -322,14 +322,16 @@ representation soon.

 ## 2.7.2 - 2020-03-23

-This is a patch release that addresses a vulnerability dart:html
+This is a patch release that addresses a vulnerability in `dart:html`
 [NodeValidator](https://api.dart.dev/stable/dart-html/NodeValidator-class.html)
-related to DOM clobbering of `previousSibling`. Thanks to **Vincenzo di Cicco**
-for finding and reporting this issue.
+related to DOM clobbering of `previousSibling`. See the 
+[vulnerability advisory][CVE-2020-8923] for more details. Thanks to
+**Vincenzo di Cicco** for finding and reporting this issue.

 This release also improves compatibility with ARMv8 processors
 (issue [40001][]) and dart:io stability (issue [40589][]).

+[CVE-2020-8923]: https://github.com/dart-lang/sdk/security/advisories/GHSA-hfq3-v9pv-p627
 [40001]: https://github.com/dart-lang/sdk/issues/40001
 [40589]: https://github.com/dart-lang/sdk/issues/40589