From 0abef571c74e054bd6dfbaee140f1b334cdaa6e2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 6 May 2016 21:35:14 +0100 Subject: [PATCH] Add CVE reference --- doc/news/version_3.20160506.mdwn | 2 +- doc/security.mdwn | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn index 331a48b6b..6800a3022 100644 --- a/doc/news/version_3.20160506.mdwn +++ b/doc/news/version_3.20160506.mdwn @@ -22,7 +22,7 @@ ikiwiki 3.20160506 released with [[!toggle text="these changes"]] [[!toggleable text=""" * [ [[Simon McVittie|smcv]] ] * HTML-escape error messages, in one case avoiding potential cross-site - scripting (OVE-20160505-0012) + scripting ([[!cve CVE-2016-4561]], OVE-20160505-0012) * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that "allowed\_attachments: '*.jpg'" does what one might expect diff --git a/doc/security.mdwn b/doc/security.mdwn index 6d4841fe6..594b72126 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -515,7 +515,7 @@ allowing an attacker to carry out cross-site scripting by directing a user to a URL that would result in a crafted ikiwiki error message. This was discovered on 4 May by the ikiwiki developers, and the fixed version 3.20160506 was released on 6 May. An upgrade is recommended for sites using -the CGI. +the CGI. ([[!cve CVE-2016-4561]], OVE-20160505-0012) ## ImageMagick CVE-2016–3714 ("ImageTragick") -- 2.39.2