add anchors for use in advisory to oss-security

author: smcv <smcv@web> 2016-12-29 16:24:48 -0400
committer: admin <admin@branchable.com> 2016-12-29 16:24:48 -0400
commit: 7562350a3a2ed9aee52ed17972b80cafaf39c540 (patch)
tree: d712e3911e6632a33eaaf717d0527e2183374aff /doc/security.mdwn
parent: 04e322fd6b1160608a1e957cde5c7ad6b56eb137 (diff)
download: ikiwiki-7562350a3a2ed9aee52ed17972b80cafaf39c540.tar
ikiwiki-7562350a3a2ed9aee52ed17972b80cafaf39c540.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 823f5ef88..56b648122 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -547,7 +547,7 @@ for sites where an untrusted user is able to attach files with arbitrary
 names and/or run a setuid ikiwiki wrapper with a working directory of
 their choice.
 
-## Editing restriction bypass for git revert
+## <span id="cve-2016-9645">Editing restriction bypass for git revert</span>
 
 intrigeri discovered that a web or git user could revert a change to a
 page they are not allowed to edit, if the change being reverted was made
@@ -571,7 +571,7 @@ A backport to Debian 8 'jessie' is in progress.
 [[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
 in 3.20161219 caused by the incomplete fix.)
 
-## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
+## <span id="cve-2016-9646">Commit metadata forgery via CGI::FormBuilder context-dependent APIs</span>
 
 When CGI::FormBuilder->field("foo") is called in list context (and
 in particular in the arguments to a subroutine that takes named
author	smcv <smcv@web>	2016-12-29 16:24:48 -0400
committer	admin <admin@branchable.com>	2016-12-29 16:24:48 -0400
commit	7562350a3a2ed9aee52ed17972b80cafaf39c540 (patch)
tree	d712e3911e6632a33eaaf717d0527e2183374aff /doc/security.mdwn
parent	04e322fd6b1160608a1e957cde5c7ad6b56eb137 (diff)
download	ikiwiki-7562350a3a2ed9aee52ed17972b80cafaf39c540.tar ikiwiki-7562350a3a2ed9aee52ed17972b80cafaf39c540.tar.gz