remove reundant chengelog version parse

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 33b199247dbf541362097124a984ceba6d93658e..770927e26d1f5b607953132f77ae5ebed6004c05 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -441,7 +441,7 @@ A fix was also backported to Debian etch, as version 2.53.5. I recommend
 upgrading to one of these versions if your wiki can be edited by third
 parties.
 
 upgrading to one of these versions if your wiki can be edited by third
 parties.
 

-## javascript insertation via insufficient htmlscrubbing of comments
+## javascript insertion via insufficient htmlscrubbing of comments

 
 Kevin Riggle noticed that it was not possible to configure
 `htmlscrubber_skip` to scrub comments while leaving unscubbed the text
 
 Kevin Riggle noticed that it was not possible to configure
 `htmlscrubber_skip` to scrub comments while leaving unscubbed the text


@@ -449,7 +449,17 @@ of eg, blog posts. Confusingly, setting it to "* and !comment(*)" did not
 scrub comments.
 
 Additionally, it was discovered that comments' html was never scrubbed during
 scrub comments.
 
 Additionally, it was discovered that comments' html was never scrubbed during

-preview or moderation of comments.
+preview or moderation of comments with such a configuration.

 
 These problems were discovered on 12 November 2010 and fixed the same
 
 These problems were discovered on 12 November 2010 and fixed the same

-hour with the release of ikiwiki 3.20101112.
+hour with the release of ikiwiki 3.20101112. ([[!cve CVE-2010-1673]])
+
+## javascript insertion via insufficient checking in comments
+
+Dave B noticed that attempting to comment on an illegal page name could be
+used for an XSS attack.
+
+This hole was discovered on 22 Jan 2011 and fixed the same day with
+the release of ikiwiki 3.20110122. A fix was backported to Debian squeeze,
+as version 3.20100815.5. An upgrade is recommended for sites
+with the comments plugin enabled. ([[!cve CVE-2011-0428]])