From 9a3ed88e24459e13eb6158dff20c240a5c98d664 Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@debian.org>
Date: Wed, 11 Jan 2017 18:08:05 +0000
Subject: [PATCH] changelog: Reference newly allocated CVE-2017-0356

---
 debian/changelog | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 229d44e27..eeef68d8b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,15 +5,15 @@ ikiwiki (3.20141016.4) UNRELEASED; urgency=high
     necessary, avoiding unintended function argument injection
     analogous to CVE-2014-1572.
     - passwordauth: prevent authentication bypass via multiple name
-      parameters (OVE-20170111-0001)
+      parameters (CVE-2017-0356, OVE-20170111-0001)
     - passwordauth: prevent userinfo forgery via repeated email
-      parameter (OVE-20170111-0001)
+      parameter (also CVE-2017-0356)
     - comments, editpage: prevent commit metadata forgery
       (CVE-2016-9646, OVE-20161226-0001)
     - CGI, attachment, comments, editpage, notifyemail, passwordauth,
       po, rename: harden against similar issues that are not believed
       to be exploitable
-  * t/passwordauth.t: new automated test for OVE-20170111-0001
+  * t/passwordauth.t: new automated test for CVE-2017-0356
   * Backport IkiWiki::Plugin::git from 3.20170110 to fix the following
     bugs, including one minor security vulnerability:
     - Security: try revert operations before approving them. Previously,
-- 
2.39.2