CVE assigned

author Joey Hess <joey@kitenet.net>

Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)

committer Joey Hess <joey@kitenet.net>

Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)
author Joey Hess <joey@kitenet.net>
Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)
committer Joey Hess <joey@kitenet.net>
Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)
diff --git a/debian/changelog b/debian/changelog

index 1f73523a4af65737337f5c667297c596c449942a..db6f95f43e6adab1882e8389e09d95d8030007ed 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,7 +14,7 @@ ikiwiki (3.20110328) unstable; urgency=low
    * comment: Better fix to avoid showing comments of subpages, while
      not breaking manual inlining of comments.
    * meta: Security fix; don't allow alternative stylesheets to be added
-    on pages where the htmlscrubber is enabled.
+    on pages where the htmlscrubber is enabled. CVE-2011-1401
  
   -- Joey Hess <joeyh@debian.org>  Mon, 28 Mar 2011 12:23:26 -0400
  
diff --git a/doc/security.mdwn b/doc/security.mdwn

index 916bd048440b252232fc4e8b3bd21ebad6d5c7ff..35385465607929108d488eff73fa395e71d82467 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -473,3 +473,4 @@ page as an alternate stylesheet, or replacing the default stylesheet.
  This hole was discovered on 28 Mar 2011 and fixed the same hour with
  the release of ikiwiki 3.20110328. An upgrade is recommended for sites
  that have untrusted committers, or have the attachments plugin enabled.
+([[!cve CVE-2011-1401]])
author	Joey Hess <joey@kitenet.net>
	Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)
committer	Joey Hess <joey@kitenet.net>
	Mon, 28 Mar 2011 23:10:08 +0000 (19:10 -0400)
debian/changelog		patch \| blob \| history
doc/security.mdwn		patch \| blob \| history