add CVE ids

author: Joey Hess <joey@kodama.kitenet.net> 2008-02-20 16:48:38 -0500
committer: Joey Hess <joey@kodama.kitenet.net> 2008-02-20 16:48:38 -0500
commit: 0737121a739f7071b6cd3a2059379fadd4fc1805 (patch)
tree: e4d8d1435a3e027d06cf78ddd2ebf7809315ccf8 /doc/security.mdwn
parent: 5f1a97d954abdc4b37b32267c6012379bba9fa0c (diff)
download: ikiwiki-0737121a739f7071b6cd3a2059379fadd4fc1805.tar
ikiwiki-0737121a739f7071b6cd3a2059379fadd4fc1805.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 9259209ee..723daeccc 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -356,9 +356,10 @@ allow the security hole to be exploited.
 ## javascript insertion via uris
 
 The htmlscrubber did not block javascript in uris. This was fixed by adding
-a whitelist of valid uri types, which does not include javascript. Some
-urls specifyable by the meta plugin could also theoretically have been used
-to inject javascript; this was also blocked.
+a whitelist of valid uri types, which does not include javascript. 
+([[cve CVE-2008-0809]]) Some urls specifyable by the meta plugin could also
+theoretically have been used to inject javascript; this was also blocked
+([[cve CVE-2008-0808]]).
 
 This hole was discovered on 10 February 2008 and fixed the same day
 with the release of ikiwiki 2.31.1. (And a few subsequent versions..)
author	Joey Hess <joey@kodama.kitenet.net>	2008-02-20 16:48:38 -0500
committer	Joey Hess <joey@kodama.kitenet.net>	2008-02-20 16:48:38 -0500
commit	0737121a739f7071b6cd3a2059379fadd4fc1805 (patch)
tree	e4d8d1435a3e027d06cf78ddd2ebf7809315ccf8 /doc/security.mdwn
parent	5f1a97d954abdc4b37b32267c6012379bba9fa0c (diff)
download	ikiwiki-0737121a739f7071b6cd3a2059379fadd4fc1805.tar ikiwiki-0737121a739f7071b6cd3a2059379fadd4fc1805.tar.gz