From: smcv Date: Thu, 29 Dec 2016 20:24:48 +0000 (-0400) Subject: add anchors for use in advisory to oss-security X-Git-Tag: 3.20170110~23^2 X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/commitdiff_plain/7562350a3a2ed9aee52ed17972b80cafaf39c540 add anchors for use in advisory to oss-security --- diff --git a/doc/security.mdwn b/doc/security.mdwn index 823f5ef88..56b648122 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -547,7 +547,7 @@ for sites where an untrusted user is able to attach files with arbitrary names and/or run a setuid ikiwiki wrapper with a working directory of their choice. -## Editing restriction bypass for git revert +## Editing restriction bypass for git revert intrigeri discovered that a web or git user could revert a change to a page they are not allowed to edit, if the change being reverted was made @@ -571,7 +571,7 @@ A backport to Debian 8 'jessie' is in progress. [[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability in 3.20161219 caused by the incomplete fix.) -## Commit metadata forgery via CGI::FormBuilder context-dependent APIs +## Commit metadata forgery via CGI::FormBuilder context-dependent APIs When CGI::FormBuilder->field("foo") is called in list context (and in particular in the arguments to a subroutine that takes named