severity analysis update

author: Joey Hess <joey@kitenet.net> 2011-03-28 12:56:20 -0400
committer: Joey Hess <joey@kitenet.net> 2011-03-28 12:56:20 -0400
commit: 370767bd1f057079881cf4fc38b98aa894b1f010 (patch)
tree: b07678892e93f1059e4c8aaf47a54822b3055aa9 /doc/security.mdwn
parent: 81abc4adfec2f8d814da9f9a716223b47e0d67c9 (diff)
download: ikiwiki-370767bd1f057079881cf4fc38b98aa894b1f010.tar
ikiwiki-370767bd1f057079881cf4fc38b98aa894b1f010.tar.gz
1 files changed, 1 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 53222a3a6..fb211cd12 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -468,8 +468,7 @@ with the comments plugin enabled. ([[!cve CVE-2011-0428]])
 
 Tango noticed that 'meta stylesheet` directives allowed anyone
 who could upload a malicious stylesheet to a site to add it to a
-page as an alternate stylesheet. In order to be exploited, the user
-would have to select the alternative stylesheet in their browser.
+page as an alternate stylesheet, or replacing the default stylesheet.
 
 This hole was discovered on 28 Mar 2011 and fixed the same hour with
 the release of ikiwiki 3.20110328. An upgrade is recommended for sites
author	Joey Hess <joey@kitenet.net>	2011-03-28 12:56:20 -0400
committer	Joey Hess <joey@kitenet.net>	2011-03-28 12:56:20 -0400
commit	370767bd1f057079881cf4fc38b98aa894b1f010 (patch)
tree	b07678892e93f1059e4c8aaf47a54822b3055aa9 /doc/security.mdwn
parent	81abc4adfec2f8d814da9f9a716223b47e0d67c9 (diff)
download	ikiwiki-370767bd1f057079881cf4fc38b98aa894b1f010.tar ikiwiki-370767bd1f057079881cf4fc38b98aa894b1f010.tar.gz