X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/ace6a60b1b4f3f4faaa5f50140e95adf796b5ec5..29e6ff03b078a0c6abb659c9e81343d523d3b13a:/debian/changelog diff --git a/debian/changelog b/debian/changelog index d3ec481f8..13293d863 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low to be used as close to public domain as possible. * viewcvs is now viewvc (in Debian unstable), update everything to use the new name. - - -- Joey Hess Fri, 9 Feb 2007 00:27:59 -0500 + * Fix a security hole that allowed a web user to edit images and other + non-page format files in the wiki. To exploit this, the file already had + to exist in the wiki, and the web user would need to somehow use the web + based editor to replace it with malicious content. + (Sorry Josh, this means you can't edit style.css directly anymore, + although I do appreciate your fixes, actually..) + + -- Joey Hess Sat, 10 Feb 2007 15:09:51 -0500 ikiwiki (1.41) unstable; urgency=low
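Review bot: The added security entry sits under a stanza whose header, visible in the hunk context, still reads `ikiwiki (1.42) UNRELEASED; urgency=low`. Because this upload now carries a fix for a hole that let a web user replace images and other non-page files, consider raising the urgency before release. The entry also states the exploit preconditions but not the fix itself. The style.css aside implies the web editor now refuses non-page files, and saying so directly, along with a bug or advisory reference if one exists, would let administrators judge their exposure from the changelog alone.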