changelog: Reference newly allocated CVE-2017-0356

author Simon McVittie <smcv@debian.org>

Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)

committer Simon McVittie <smcv@debian.org>

Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)
author Simon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)
committer Simon McVittie <smcv@debian.org>
Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)
diff --git a/debian/changelog b/debian/changelog

index 229d44e27baccbdbd18d729245f7c0226a0318a6..eeef68d8b2304597453dee5e5b0de86961a61cc2 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,15 +5,15 @@ ikiwiki (3.20141016.4) UNRELEASED; urgency=high
      necessary, avoiding unintended function argument injection
      analogous to CVE-2014-1572.
      - passwordauth: prevent authentication bypass via multiple name
-      parameters (OVE-20170111-0001)
+      parameters (CVE-2017-0356, OVE-20170111-0001)
      - passwordauth: prevent userinfo forgery via repeated email
-      parameter (OVE-20170111-0001)
+      parameter (also CVE-2017-0356)
      - comments, editpage: prevent commit metadata forgery
        (CVE-2016-9646, OVE-20161226-0001)
      - CGI, attachment, comments, editpage, notifyemail, passwordauth,
        po, rename: harden against similar issues that are not believed
        to be exploitable
-  * t/passwordauth.t: new automated test for OVE-20170111-0001
+  * t/passwordauth.t: new automated test for CVE-2017-0356
    * Backport IkiWiki::Plugin::git from 3.20170110 to fix the following
      bugs, including one minor security vulnerability:
      - Security: try revert operations before approving them. Previously,
author	Simon McVittie <smcv@debian.org>
	Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)
committer	Simon McVittie <smcv@debian.org>
	Wed, 11 Jan 2017 18:08:05 +0000 (18:08 +0000)