Update changelog

author Simon McVittie <smcv@debian.org>

Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)

committer Simon McVittie <smcv@debian.org>

Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
author Simon McVittie <smcv@debian.org>
Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
committer Simon McVittie <smcv@debian.org>
Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
diff --git a/debian/changelog b/debian/changelog

index b0036db8d516d6c3f71478e3fa86bcbafc7801f2..3e7c3e91746c6aaaa9676427c70c33abe5914209 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,10 @@ ikiwiki (3.20141016.4) UNRELEASED; urgency=medium
  
    [ Simon McVittie ]
    * Add CVE-2016-4561 reference to 3.20141016.3 changelog
+  * Security: tell `git revert` not to follow renames. If it does, then
+    renaming a file can result in a revert writing outside the wiki srcdir
+    or altering a file that the reverting user should not be able to alter,
+    an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
  
   -- Simon McVittie <smcv@debian.org>  Mon, 09 May 2016 22:35:16 +0100
author	Simon McVittie <smcv@debian.org>
	Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
committer	Simon McVittie <smcv@debian.org>
	Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)