HTML-escape error messages (CVE-2016-4561)

[git.ikiwiki.info.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index da2cc73bbf9295e7c4df924debb4a33bf63cd308..919814f2f8f01f7084a700874a19e5dd208c2fdb 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,39 @@
-ikiwiki (3.20120517) UNRELEASED; urgency=low
+ikiwiki (3.20120629.3) UNRELEASED; urgency=medium
+
+  * HTML-escape error messages, in one case avoiding potential cross-site
+    scripting (CVE-2016-4561, OVE-20160505-0012)
+
+ -- Simon McVittie <smcv@debian.org>  Sun, 08 May 2016 15:33:51 +0100
+
+ikiwiki (3.20120629.2) wheezy; urgency=medium
+
+  [ Joey Hess ]
+  * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483;
+    CVE-2015-2793)
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 06 Apr 2015 20:34:51 +0100
+
+ikiwiki (3.20120629.1) wheezy; urgency=medium
+
+  Backport blogspam plugin from experimental, because the version in
+  wheezy is no longer usable:
+
+  [ Joey Hess ]
+  * Set Debian package maintainer to Simon McVittie as I'm retiring from
+    Debian.
+
+  [ Amitai Schlair ]
+  * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd).
+    Closes: #774441
+
+ -- Simon McVittie <smcv@debian.org>  Sat, 17 Jan 2015 11:53:33 +0000
+
+ikiwiki (3.20120629) unstable; urgency=low
 
   * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or
     other config differences by linking to the mirror's CGI. (intrigeri)
 
- -- Joey Hess <joeyh@debian.org>  Sun, 03 Jun 2012 13:15:22 -0400
+ -- Joey Hess <joeyh@debian.org>  Fri, 29 Jun 2012 10:16:08 -0400
 
 ikiwiki (3.20120516) unstable; urgency=high