X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/7a0b521de8d12e4c789103b51db81353da01f911..d4894526ae2e09d9093bc3d734c41807bf5ec2df:/debian/changelog?ds=sidebyside diff --git a/debian/changelog b/debian/changelog index 229d44e27..b3e7e559b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,19 +1,19 @@ -ikiwiki (3.20141016.4) UNRELEASED; urgency=high +ikiwiki (3.20141016.4) jessie-security; urgency=high * Reference CVE-2016-4561 in 3.20141016.3 changelog * Security: force CGI::FormBuilder->field to scalar context where necessary, avoiding unintended function argument injection analogous to CVE-2014-1572. - passwordauth: prevent authentication bypass via multiple name - parameters (OVE-20170111-0001) + parameters (CVE-2017-0356, OVE-20170111-0001) - passwordauth: prevent userinfo forgery via repeated email - parameter (OVE-20170111-0001) + parameter (also CVE-2017-0356) - comments, editpage: prevent commit metadata forgery (CVE-2016-9646, OVE-20161226-0001) - CGI, attachment, comments, editpage, notifyemail, passwordauth, po, rename: harden against similar issues that are not believed to be exploitable - * t/passwordauth.t: new automated test for OVE-20170111-0001 + * t/passwordauth.t: new automated test for CVE-2017-0356 * Backport IkiWiki::Plugin::git from 3.20170110 to fix the following bugs, including one minor security vulnerability: - Security: try revert operations before approving them. Previously, @@ -51,7 +51,7 @@ ikiwiki (3.20141016.4) UNRELEASED; urgency=high - d/control: add enough build-dependencies to run all tests, except for non-git VCSs - -- Simon McVittie Wed, 11 Jan 2017 15:22:38 +0000 + -- Simon McVittie Wed, 11 Jan 2017 18:18:52 +0000 ikiwiki (3.20141016.3) jessie-security; urgency=high
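Review bot: in the first hunk, the identifier cross-references end up inconsistent across the three entries for the same issue. The "multiple name parameters" entry keeps both identifiers as "(CVE-2017-0356, OVE-20170111-0001)", but the "repeated email parameter" entry replaces its OVE reference with "(also CVE-2017-0356)" and the t/passwordauth.t entry swaps the OVE identifier for the CVE. After this change, a search of the changelog for OVE-20170111-0001 finds only the first entry, although the removed lines show all three were filed under it. Suggest writing "parameter (CVE-2017-0356, OVE-20170111-0001)" on the email entry as well, so both identifiers lead to every affected item.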