poll vote (red)

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index fb211cd12285fffc8652096d64859f956fc4d95e..35385465607929108d488eff73fa395e71d82467 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -466,10 +466,11 @@ with the comments plugin enabled. ([[!cve CVE-2011-0428]])
 
 ## possible javascript insertion via insufficient htmlscrubbing of alternate stylesheets
 
 
 ## possible javascript insertion via insufficient htmlscrubbing of alternate stylesheets
 

-Tango noticed that 'meta stylesheet` directives allowed anyone
+Giuseppe Bilotta noticed that 'meta stylesheet` directives allowed anyone

 who could upload a malicious stylesheet to a site to add it to a
 page as an alternate stylesheet, or replacing the default stylesheet.
 
 This hole was discovered on 28 Mar 2011 and fixed the same hour with
 the release of ikiwiki 3.20110328. An upgrade is recommended for sites
 that have untrusted committers, or have the attachments plugin enabled.
 who could upload a malicious stylesheet to a site to add it to a
 page as an alternate stylesheet, or replacing the default stylesheet.
 
 This hole was discovered on 28 Mar 2011 and fixed the same hour with
 the release of ikiwiki 3.20110328. An upgrade is recommended for sites
 that have untrusted committers, or have the attachments plugin enabled.

+([[!cve CVE-2011-1401]])