]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/commitdiff
projects / git.ikiwiki.info.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb5cf4a)
Update changelog
authorSimon McVittie <smcv@debian.org>
Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
committerSimon McVittie <smcv@debian.org>
Fri, 23 Dec 2016 18:48:38 +0000 (18:48 +0000)
debian/changelog patch | blob | history

diff --git a/debian/changelog b/debian/changelog
index b0036db8d516d6c3f71478e3fa86bcbafc7801f2..3e7c3e91746c6aaaa9676427c70c33abe5914209 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,10 @@ ikiwiki (3.20141016.4) UNRELEASED; urgency=medium
 
   [ Simon McVittie ]
   * Add CVE-2016-4561 reference to 3.20141016.3 changelog
+  * Security: tell `git revert` not to follow renames. If it does, then
+    renaming a file can result in a revert writing outside the wiki srcdir
+    or altering a file that the reverting user should not be able to alter,
+    an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
 
  -- Simon McVittie <smcv@debian.org>  Mon, 09 May 2016 22:35:16 +0100
 
Unnamed repository; edit this file 'description' to name the repository.