]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/news/version_3.20161229.mdwn
projects / git.ikiwiki.info.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
(no commit message)
[git.ikiwiki.info.git] / doc / news / version_3.20161229.mdwn
diff --git a/doc/news/version_3.20161229.mdwn b/doc/news/version_3.20161229.mdwn
index 7d96cedb91524789668dd6fc16f0531035023694..365cb69d112768a4368669ae6a1612712fecb9d3 100644 (file)
--- a/doc/news/version_3.20161229.mdwn
+++ b/doc/news/version_3.20161229.mdwn
@@ -2,17 +2,17 @@ ikiwiki 3.20161229 released with [[!toggle text="these changes"]]
 [[!toggleable text="""
    * Security: force CGI::FormBuilder->field to scalar context where
      necessary, avoiding unintended function argument injection
 [[!toggleable text="""
    * Security: force CGI::FormBuilder->field to scalar context where
      necessary, avoiding unintended function argument injection
-     analogous to [[!cve CVE-2014-1572]]. In ikiwiki this could be used to
+     analogous to [[!debcve CVE-2014-1572]]. In ikiwiki this could be used to
      forge commit metadata, but thankfully nothing more serious.
      forge commit metadata, but thankfully nothing more serious.
-     ([[!cve CVE-2016-9646]])
+     ([[!debcve CVE-2016-9646]])
    * Security: try revert operations in a temporary working tree before
      approving them. Previously, automatic rename detection could result in
      a revert writing outside the wiki srcdir or altering a file that the
      reverting user should not be able to alter, an authorization bypass.
    * Security: try revert operations in a temporary working tree before
      approving them. Previously, automatic rename detection could result in
      a revert writing outside the wiki srcdir or altering a file that the
      reverting user should not be able to alter, an authorization bypass.
-     ([[!cve CVE-2016-10026]] represents the original vulnerability.)
+     ([[!debcve CVE-2016-10026]] represents the original vulnerability.)
      The incomplete fix released in 3.20161219 was not effective for git
      versions prior to 2.8.0rc0.
      The incomplete fix released in 3.20161219 was not effective for git
      versions prior to 2.8.0rc0.
-     ([[!cve CVE-2016-9645]] represents that incomplete solution.)
+     ([[!debcve CVE-2016-9645]] represents that incomplete solution.)
    * Add CVE references for CVE-2016-10026
    * Add automated test for using the CGI with git, including
      CVE-2016-10026
    * Add CVE references for CVE-2016-10026
    * Add automated test for using the CGI with git, including
      CVE-2016-10026
Unnamed repository; edit this file 'description' to name the repository.