diff options
author | Simon McVittie <smcv@debian.org> | 2017-01-11 18:16:42 +0000 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2017-01-11 18:16:42 +0000 |
commit | 4d0e525e6a1469a30f3b81c19a289840147463e6 (patch) | |
tree | 5dff8e8ac7e6092c6807ba96243175561bd67829 /debian | |
parent | 2486d83706a48044c88d6ffc8501a63d60d190a4 (diff) | |
download | ikiwiki-4d0e525e6a1469a30f3b81c19a289840147463e6.tar ikiwiki-4d0e525e6a1469a30f3b81c19a289840147463e6.tar.gz |
Document the security fix soon to be released in 3.20170111
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 2183ef179..36a9701d9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +ikiwiki (3.20170111) UNRELEASED; urgency=medium + + * passwordauth: prevent authentication bypass via multiple name + parameters (CVE-2017-0356, OVE-20170111-0001) + * passwordauth: avoid userinfo forgery via repeated email parameter + (also in the scope of CVE-2017-0356) + * CGI, attachment, passwordauth: harden against repeated parameters + (not believed to have been a vulnerability) + * remove: make it clearer that repeated page parameter is OK here + * t/passwordauth.t: new automated test for passwordauth + + -- Simon McVittie <smcv@debian.org> Wed, 11 Jan 2017 18:12:05 +0000 + ikiwiki (3.20170110) unstable; urgency=medium [ Amitai Schleier ] |