X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/32f3b4de00b1d2c4e3bfd7eca63f5ebbd4501ae7..bcfba8cdb50dcaca9faa182955825670efb15852:/debian/changelog?ds=inline diff --git a/debian/changelog b/debian/changelog index 9a73f1084..919814f2f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,40 @@ +ikiwiki (3.20120629.3) UNRELEASED; urgency=medium + + * HTML-escape error messages, in one case avoiding potential cross-site + scripting (CVE-2016-4561, OVE-20160505-0012) + + -- Simon McVittie Sun, 08 May 2016 15:33:51 +0100 + +ikiwiki (3.20120629.2) wheezy; urgency=medium + + [ Joey Hess ] + * Fix XSS in openid selector. Thanks, Raghav Bisht. (Closes: #781483; + CVE-2015-2793) + + -- Simon McVittie Mon, 06 Apr 2015 20:34:51 +0100 + +ikiwiki (3.20120629.1) wheezy; urgency=medium + + Backport blogspam plugin from experimental, because the version in + wheezy is no longer usable: + + [ Joey Hess ] + * Set Debian package maintainer to Simon McVittie as I'm retiring from + Debian. + + [ Amitai Schlair ] + * blogspam: use the 2.0 JSON API (the 1.0 XML-RPC API has been EOL'd). + Closes: #774441 + + -- Simon McVittie Sat, 17 Jan 2015 11:53:33 +0000 + +ikiwiki (3.20120629) unstable; urgency=low + + * mirrorlist: Add mirrorlist_use_cgi setting that avoids usedirs or + other config differences by linking to the mirror's CGI. (intrigeri) + + -- Joey Hess Fri, 29 Jun 2012 10:16:08 -0400 + ikiwiki (3.20120516) unstable; urgency=high * meta: Security fix; add missing sanitization of author and authorurl.