[ Simon McVittie ]
* Add CVE-2016-4561 reference to 3.20141016.3 changelog
+ * Security: tell `git revert` not to follow renames. If it does, then
+ renaming a file can result in a revert writing outside the wiki srcdir
+ or altering a file that the reverting user should not be able to alter,
+ an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
-- Simon McVittie <smcv@debian.org> Mon, 09 May 2016 22:35:16 +0100