diff options
| author | Joey Hess <joey@kitenet.net> | 2012-05-16 21:18:40 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2012-05-16 21:18:40 -0400 |
| commit | 22acf1872a746af65b2f5487991ff008e52ed1c2 (patch) | |
| tree | f9b520b20def3c54435a934c12b5a3dbd6015988 | |
| parent | 6f897f53dacca6487932858b35b8d47ad8379abd (diff) | |
| download | ikiwiki-22acf1872a746af65b2f5487991ff008e52ed1c2.tar ikiwiki-22acf1872a746af65b2f5487991ff008e52ed1c2.tar.gz | |
cve
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | doc/security.mdwn | 4 |
2 files changed, 4 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index c7e4b1d11..9a73f1084 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,7 +1,7 @@ ikiwiki (3.20120516) unstable; urgency=high * meta: Security fix; add missing sanitization of author and authorurl. - Thanks, Raúl Benencia + CVE-2012-0220 Thanks, Raúl Benencia -- Joey Hess <joeyh@debian.org> Wed, 16 May 2012 19:51:27 -0400 diff --git a/doc/security.mdwn b/doc/security.mdwn index 99f40d3f1..c221c8c6d 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -492,6 +492,8 @@ and whose admins run `ikiwiki-mass-rebuild`. ## javascript insertion via meta tags Raúl Benencia discovered an additional XSS exposure in the meta plugin. +([[!cvs CVE-2012-0220]]) This hole was discovered on 16 May 2012 and fixed the same day with -the release of ikiwiki 3.20120516. +the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze, +as version 3.20100815.9. An upgrade is recommended for all sites. |