typo

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index 916bd048440b252232fc4e8b3bd21ebad6d5c7ff..d723826722fcbd558445f08f06b5417563bb1f15 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -471,5 +471,29 @@ who could upload a malicious stylesheet to a site to add it to a
 page as an alternate stylesheet, or replacing the default stylesheet.
 
 This hole was discovered on 28 Mar 2011 and fixed the same hour with
 page as an alternate stylesheet, or replacing the default stylesheet.
 
 This hole was discovered on 28 Mar 2011 and fixed the same hour with

-the release of ikiwiki 3.20110328. An upgrade is recommended for sites
-that have untrusted committers, or have the attachments plugin enabled.
+the release of ikiwiki 3.20110328. A fix was backported to Debian squeeze,
+as version 3.20100815.6. An upgrade is recommended for sites that have
+untrusted committers, or have the attachments plugin enabled.
+([[!cve CVE-2011-1401]])
+
+## tty hijacking via ikiwiki-mass-rebuild
+
+Ludwig Nussel discovered a way for users to hijack root's tty when
+ikiwiki-mass-rebuild was run. Additionally, there was some potential
+for information disclosure via symlinks. ([[!cve CVE-2011-1408]])
+
+This hole was discovered on 8 June 2011 and fixed the same day with
+the release of ikiwiki 3.20110608. Note that the fix is dependant on
+a version of su that has a similar hole fixed; [[!debbug 628843]]
+tracks fixing the hole in Debian's su. An upgrade is a must for any
+sites that have `ikiwiki-update-wikilist` installed suid (not the default),
+and whose admins run `ikiwiki-mass-rebuild`.
+
+## javascript insertion via meta tags
+
+Raúl Benencia discovered an additional XSS exposure in the meta plugin.
+([[!cve CVE-2012-0220]])
+
+This hole was discovered on 16 May 2012 and fixed the same day with
+the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
+as version 3.20100815.9. An upgrade is recommended for all sites.