Merge branch 'master'

Conflicts: doc/ikiwiki-makerepo.mdwn
author: Joey Hess <joey@gnu.kitenet.net> 2009-04-04 17:27:48 -0400
committer: Joey Hess <joey@gnu.kitenet.net> 2009-04-04 17:27:48 -0400
commit: 8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a (patch)
tree: 9e26465e0ca98a5f3cbc6c72a0cace4bf83b93db /doc/security.mdwn
parent: 78a69e5bd632eb86ef8135e9c1d05d2c48b43362 (diff)
parent: 08fda4c9d374de1d3de3172a192d4d915d3dc0c1 (diff)
download: ikiwiki-8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a.tar
ikiwiki-8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 0841abf49..939d65d01 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -407,3 +407,13 @@ discovered on 30 May 2008 and fixed the same day. ([[!cve CVE-2008-0169]])
 
 I recommend upgrading to 2.48 immediatly if your wiki allows both password
 and openid logins.
+
+## Malformed UTF-8 DOS
+
+Feeding ikiwiki page sources containing certian forms of malformed UTF-8
+can cause it to crash. This can potentially be used for a denial of service
+attack.
+
+intrigeri discovered this problem on 12 Nov 2008 and a patch put in place
+later that day, in version 2.70. The fix was backported to testing as version
+2.53.3, and to stable as version 1.33.7.
author	Joey Hess <joey@gnu.kitenet.net>	2009-04-04 17:27:48 -0400
committer	Joey Hess <joey@gnu.kitenet.net>	2009-04-04 17:27:48 -0400
commit	8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a (patch)
tree	9e26465e0ca98a5f3cbc6c72a0cace4bf83b93db /doc/security.mdwn
parent	78a69e5bd632eb86ef8135e9c1d05d2c48b43362 (diff)
parent	08fda4c9d374de1d3de3172a192d4d915d3dc0c1 (diff)
download	ikiwiki-8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a.tar ikiwiki-8e92468eae9ac0ab8161a0c71ff6c6a0a8aef07a.tar.gz