ikiwiki (1.33.4) stable-security; urgency=high
* htmlscrubber security fix: Block javascript in uris. Closes: #465110
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
* Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:34:28 -0500