From: Simon McVittie Date: Fri, 6 May 2016 20:35:14 +0000 (+0100) Subject: Add CVE reference X-Git-Tag: debian/3.20160509~19 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/0abef571c74e054bd6dfbaee140f1b334cdaa6e2?hp=855a7b5c6cabdd095253da8a3ff89f769d657b27 Add CVE reference --- diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn index 331a48b6b..6800a3022 100644 --- a/doc/news/version_3.20160506.mdwn +++ b/doc/news/version_3.20160506.mdwn @@ -22,7 +22,7 @@ ikiwiki 3.20160506 released with [[!toggle text="these changes"]] [[!toggleable text=""" * [ [[Simon McVittie|smcv]] ] * HTML-escape error messages, in one case avoiding potential cross-site - scripting (OVE-20160505-0012) + scripting ([[!cve CVE-2016-4561]], OVE-20160505-0012) * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that "allowed\_attachments: '*.jpg'" does what one might expect diff --git a/doc/security.mdwn b/doc/security.mdwn index 6d4841fe6..594b72126 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -515,7 +515,7 @@ allowing an attacker to carry out cross-site scripting by directing a user to a URL that would result in a crafted ikiwiki error message. This was discovered on 4 May by the ikiwiki developers, and the fixed version 3.20160506 was released on 6 May. An upgrade is recommended for sites using -the CGI. +the CGI. ([[!cve CVE-2016-4561]], OVE-20160505-0012) ## ImageMagick CVE-2016–3714 ("ImageTragick")