Update security changelog (#4334)

* Update security changelog * Update security changelog 1

Update security changelog (#4334)
* Update security changelog * Update security changelog 1
28013179 · Anton Zhabolenko · Ivan Blinkov · bb65c9df · 28013179
隐藏空白更改
内联并排

Showing with 16 addition and 0 deletion

docs/en/security_changelog.md docs/en/security_changelog.md +16 -0

未找到文件。
--- a/docs/en/security_changelog.md
+++ b/docs/en/security_changelog.md
+## Fixed in ClickHouse Release 18.12.13, 2018-09-10
+### CVE-2018-14672
+Functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
+Credits: Andrey Krasichkov of Yandex Information Security Team
+## Fixed in ClickHouse Release 18.10.3, 2018-08-13
+### CVE-2018-14671
+unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
+Credits: Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team
 ## Fixed in ClickHouse Release 1.1.54388, 2018-06-28
 ### CVE-2018-14668