cve

author Joey Hess <joey@kitenet.net>

Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)

committer Joey Hess <joey@kitenet.net>

Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)
author Joey Hess <joey@kitenet.net>
Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)
committer Joey Hess <joey@kitenet.net>
Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)
diff --git a/debian/changelog b/debian/changelog

index c7e4b1d112f58e95fda1c9d215513ae5556160e0..9a73f108479e17d6c4ccb5cfbcd50ccd3f32b964 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,7 @@
  ikiwiki (3.20120516) unstable; urgency=high
  
    * meta: Security fix; add missing sanitization of author and authorurl.
-    Thanks, Raúl Benencia
+    CVE-2012-0220 Thanks, Raúl Benencia
  
   -- Joey Hess <joeyh@debian.org>  Wed, 16 May 2012 19:51:27 -0400
  
diff --git a/doc/security.mdwn b/doc/security.mdwn

index 99f40d3f1bf40b11b37753353cbabc1e12e5e943..c221c8c6d75f47a5de40c995e3949b005b83ef8c 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -492,6 +492,8 @@ and whose admins run `ikiwiki-mass-rebuild`.
  ## javascript insertion via meta tags
  
  Raúl Benencia discovered an additional XSS exposure in the meta plugin.
+([[!cvs CVE-2012-0220]])
  
  This hole was discovered on 16 May 2012 and fixed the same day with
-the release of ikiwiki 3.20120516.
+the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
+as version 3.20100815.9. An upgrade is recommended for all sites.
author	Joey Hess <joey@kitenet.net>
	Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)
committer	Joey Hess <joey@kitenet.net>
	Thu, 17 May 2012 01:18:40 +0000 (21:18 -0400)
debian/changelog		patch \| blob \| history
doc/security.mdwn		patch \| blob \| history