diff options
| author | Simon McVittie <smcv@debian.org> | 2016-05-06 21:35:14 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2016-05-06 21:36:51 +0100 |
| commit | 0abef571c74e054bd6dfbaee140f1b334cdaa6e2 (patch) | |
| tree | b1d4e2d39e8dad611223e5223ef244eeba0e6897 | |
| parent | 855a7b5c6cabdd095253da8a3ff89f769d657b27 (diff) | |
| download | ikiwiki-0abef571c74e054bd6dfbaee140f1b334cdaa6e2.tar ikiwiki-0abef571c74e054bd6dfbaee140f1b334cdaa6e2.tar.gz | |
Add CVE reference
| -rw-r--r-- | doc/news/version_3.20160506.mdwn | 2 | ||||
| -rw-r--r-- | doc/security.mdwn | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/doc/news/version_3.20160506.mdwn b/doc/news/version_3.20160506.mdwn index 331a48b6b..6800a3022 100644 --- a/doc/news/version_3.20160506.mdwn +++ b/doc/news/version_3.20160506.mdwn @@ -22,7 +22,7 @@ ikiwiki 3.20160506 released with [[!toggle text="these changes"]] [[!toggleable text=""" * [ [[Simon McVittie|smcv]] ] * HTML-escape error messages, in one case avoiding potential cross-site - scripting (OVE-20160505-0012) + scripting ([[!cve CVE-2016-4561]], OVE-20160505-0012) * Mitigate ImageMagick vulnerabilities such as CVE-2016-3714: - img: force common Web formats to be interpreted according to extension, so that "allowed\_attachments: '*.jpg'" does what one might expect diff --git a/doc/security.mdwn b/doc/security.mdwn index 6d4841fe6..594b72126 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -515,7 +515,7 @@ allowing an attacker to carry out cross-site scripting by directing a user to a URL that would result in a crafted ikiwiki error message. This was discovered on 4 May by the ikiwiki developers, and the fixed version 3.20160506 was released on 6 May. An upgrade is recommended for sites using -the CGI. +the CGI. ([[!cve CVE-2016-4561]], OVE-20160505-0012) ## ImageMagick CVE-2016–3714 ("ImageTragick") |