diff options
author | Simon McVittie <smcv@debian.org> | 2016-12-21 13:03:32 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2016-12-21 13:03:36 +0000 |
commit | 28409cd358d5ff17e2c340298988e8baf86fd5f5 (patch) | |
tree | f42bd0dec60138980240397519f2e1e5ef870788 | |
parent | bec3047aff9bee37f4d56848212f051fcf91cb90 (diff) | |
download | ikiwiki-28409cd358d5ff17e2c340298988e8baf86fd5f5.tar ikiwiki-28409cd358d5ff17e2c340298988e8baf86fd5f5.tar.gz |
Add CVE references for CVE-2016-10026
-rw-r--r-- | debian/changelog | 8 | ||||
-rw-r--r-- | doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn | 5 | ||||
-rw-r--r-- | doc/news/version_3.20161219.mdwn | 4 | ||||
-rw-r--r-- | doc/security.mdwn | 2 |
4 files changed, 14 insertions, 5 deletions
diff --git a/debian/changelog b/debian/changelog index 7490db757..031403830 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ikiwiki (3.20161220) UNRELEASED; urgency=medium + + * Add CVE references for CVE-2016-10026 + + -- Simon McVittie <smcv@debian.org> Wed, 21 Dec 2016 13:03:07 +0000 + ikiwiki (3.20161219) unstable; urgency=medium [ Joey Hess ] @@ -8,7 +14,7 @@ ikiwiki (3.20161219) unstable; urgency=medium * Security: tell `git revert` not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, - an authorization bypass. Thanks, intrigeri + an authorization bypass. Thanks, intrigeri. (CVE-2016-10026) * cgitemplate: remove some dead code. Thanks, blipvert * Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn index f21decec6..e7f3c6925 100644 --- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn +++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn @@ -24,6 +24,9 @@ when reverting. > I tried to do something more clever (doing the revert, and checking > whether it made changes that aren't allowed) but couldn't get it to > work in a reasonable time, so I'm going with the simpler fix. -> [[Fix committed|done]], a release will follow later today. --[[smcv]] +> [[Fix committed|done]], a release will follow later today. +> +> [[!cve CVE-2016-10026]] has been assigned to this vulnerability. +> --[[smcv]] >> You rock, thanks a lot! --[[intrigeri]] diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn index 3b64cb8a8..b03900972 100644 --- a/doc/news/version_3.20161219.mdwn +++ b/doc/news/version_3.20161219.mdwn @@ -7,8 +7,8 @@ ikiwiki 3.20161219 released with [[!toggle text="these changes"]] * Security: tell `git revert` not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, - an authorization bypass. Thanks, intrigeri + an authorization bypass. Thanks, intrigeri. ([[!cve CVE-2016-10026]]) * cgitemplate: remove some dead code. Thanks, blipvert * Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk - * Make pagestats output more deterministic. Thanks, intrigeri"""]]
\ No newline at end of file + * Make pagestats output more deterministic. Thanks, intrigeri"""]] diff --git a/doc/security.mdwn b/doc/security.mdwn index a5db9b410..4f825deba 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -562,4 +562,4 @@ This affects sites with the `git` VCS and the `recentchanges` plugin, which are both used in most ikiwiki installations. This bug was reported on 2016-12-17. The fixed version 3.20161219 -was released on 2016-12-19. +was released on 2016-12-19. ([[!cve CVE-2016-10026]]) |