diff options
| author | Simon McVittie <smcv@debian.org> | 2016-12-21 13:03:32 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2016-12-21 13:03:36 +0000 |
| commit | 28409cd358d5ff17e2c340298988e8baf86fd5f5 (patch) | |
| tree | f42bd0dec60138980240397519f2e1e5ef870788 /doc | |
| parent | bec3047aff9bee37f4d56848212f051fcf91cb90 (diff) | |
| download | ikiwiki-28409cd358d5ff17e2c340298988e8baf86fd5f5.tar ikiwiki-28409cd358d5ff17e2c340298988e8baf86fd5f5.tar.gz | |
Add CVE references for CVE-2016-10026
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn | 5 | ||||
| -rw-r--r-- | doc/news/version_3.20161219.mdwn | 4 | ||||
| -rw-r--r-- | doc/security.mdwn | 2 |
3 files changed, 7 insertions, 4 deletions
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn index f21decec6..e7f3c6925 100644 --- a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn +++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn @@ -24,6 +24,9 @@ when reverting. > I tried to do something more clever (doing the revert, and checking > whether it made changes that aren't allowed) but couldn't get it to > work in a reasonable time, so I'm going with the simpler fix. -> [[Fix committed|done]], a release will follow later today. --[[smcv]] +> [[Fix committed|done]], a release will follow later today. +> +> [[!cve CVE-2016-10026]] has been assigned to this vulnerability. +> --[[smcv]] >> You rock, thanks a lot! --[[intrigeri]] diff --git a/doc/news/version_3.20161219.mdwn b/doc/news/version_3.20161219.mdwn index 3b64cb8a8..b03900972 100644 --- a/doc/news/version_3.20161219.mdwn +++ b/doc/news/version_3.20161219.mdwn @@ -7,8 +7,8 @@ ikiwiki 3.20161219 released with [[!toggle text="these changes"]] * Security: tell `git revert` not to follow renames. If it does, then renaming a file can result in a revert writing outside the wiki srcdir or altering a file that the reverting user should not be able to alter, - an authorization bypass. Thanks, intrigeri + an authorization bypass. Thanks, intrigeri. ([[!cve CVE-2016-10026]]) * cgitemplate: remove some dead code. Thanks, blipvert * Restrict CSS matches against header class to not break Pandoc tables with header rows. Thanks, karsk - * Make pagestats output more deterministic. Thanks, intrigeri"""]]
\ No newline at end of file + * Make pagestats output more deterministic. Thanks, intrigeri"""]] diff --git a/doc/security.mdwn b/doc/security.mdwn index a5db9b410..4f825deba 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -562,4 +562,4 @@ This affects sites with the `git` VCS and the `recentchanges` plugin, which are both used in most ikiwiki installations. This bug was reported on 2016-12-17. The fixed version 3.20161219 -was released on 2016-12-19. +was released on 2016-12-19. ([[!cve CVE-2016-10026]]) |