Merge branch 'master' into debian-jessie-backports

[git.ikiwiki.info.git] / doc / news / version_3.20161229.mdwn

diff --git a/doc/news/version_3.20161229.mdwn b/doc/news/version_3.20161229.mdwn
index 7d96cedb91524789668dd6fc16f0531035023694..365cb69d112768a4368669ae6a1612712fecb9d3 100644 (file)
--- a/doc/news/version_3.20161229.mdwn
+++ b/doc/news/version_3.20161229.mdwn
@@ -2,17 +2,17 @@ ikiwiki 3.20161229 released with [[!toggle text="these changes"]]
 [[!toggleable text="""
    * Security: force CGI::FormBuilder->field to scalar context where
      necessary, avoiding unintended function argument injection
-     analogous to [[!cve CVE-2014-1572]]. In ikiwiki this could be used to
+     analogous to [[!debcve CVE-2014-1572]]. In ikiwiki this could be used to
      forge commit metadata, but thankfully nothing more serious.
-     ([[!cve CVE-2016-9646]])
+     ([[!debcve CVE-2016-9646]])
    * Security: try revert operations in a temporary working tree before
      approving them. Previously, automatic rename detection could result in
      a revert writing outside the wiki srcdir or altering a file that the
      reverting user should not be able to alter, an authorization bypass.
-     ([[!cve CVE-2016-10026]] represents the original vulnerability.)
+     ([[!debcve CVE-2016-10026]] represents the original vulnerability.)
      The incomplete fix released in 3.20161219 was not effective for git
      versions prior to 2.8.0rc0.
-     ([[!cve CVE-2016-9645]] represents that incomplete solution.)
+     ([[!debcve CVE-2016-9645]] represents that incomplete solution.)
    * Add CVE references for CVE-2016-10026
    * Add automated test for using the CGI with git, including
      CVE-2016-10026