author Simon McVittie <smcv@debian.org> 2016-12-29 21:34:10 +0000
committer Simon McVittie <smcv@debian.org> 2016-12-29 21:34:10 +0000
commit a60f837695b24b8360b59a8fc8ca1f794b77bd76
tree 195773c93a6e7b353b696209e38881c24ab87176 /doc
parent e0341d0e887dc49849f7f496680f32a7ece44a4c
parent 7562350a3a2ed9aee52ed17972b80cafaf39c540
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'doc')
-rw-r--r-- doc/security.mdwn 4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 823f5ef88..56b648122 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -547,7 +547,7 @@ for sites where an untrusted user is able to attach files with arbitrary
names and/or run a setuid ikiwiki wrapper with a working directory of
their choice.
-## Editing restriction bypass for git revert
+## <span id="cve-2016-9645">Editing restriction bypass for git revert</span>
intrigeri discovered that a web or git user could revert a change to a
page they are not allowed to edit, if the change being reverted was made
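Review bot: the id `cve-2016-9645` on the `+` heading line names only part of what this section covers. The context kept in the next hunk says `[[!cve CVE-2016-9645]]/OVE-20161226-0002` represents the vulnerability in 3.20161219 caused by the incomplete fix, and it says so in a parenthetical, which implies the original bypass is tracked under a different identifier. A link to `#cve-2016-9645` will therefore land on the heading for the whole issue rather than on the incomplete-fix text. Consider placing this span next to that parenthetical, or giving the heading a topic-based id and adding a separate anchor for each identifier the section mentions.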
@@ -571,7 +571,7 @@ A backport to Debian 8 'jessie' is in progress.
[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
in 3.20161219 caused by the incomplete fix.)
-## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
+## <span id="cve-2016-9646">Commit metadata forgery via CGI::FormBuilder context-dependent APIs</span>
When CGI::FormBuilder->field("foo") is called in list context (and
in particular in the arguments to a subroutine that takes named
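Review bot: the anchor id `cve-2016-9646` on the `+` heading line is not backed by anything visible in this hunk. The only CVE directive in the context is `[[!cve CVE-2016-9645]]`, which closes the previous section. Please confirm that the body of this section carries a matching `[[!cve CVE-2016-9646]]` reference, so the anchor and the text cannot drift apart. As a style point, both changed headings now embed a raw `<span id=...>` inside a Markdown `##` heading, so it is worth checking in the rendered page that the `id` attribute survives, since a stripped id would break inbound links without any visible error.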