Add CVE references for CVE-2016-9646, CVE-2016-9645

Thanks to the Debian security team for allocating these.
author: Simon McVittie <smcv@debian.org> 2016-12-29 17:31:30 +0000
committer: Simon McVittie <smcv@debian.org> 2016-12-29 17:36:11 +0000
commit: cf0166347c1b017bba4f99f9e6bffa2eb221d933 (patch)
tree: 0e88c7559601a52b39b23ada30f7585c6552555d /doc
parent: 078d4208cac9fcd12f9cfc189770de68230abff7 (diff)
download: ikiwiki-cf0166347c1b017bba4f99f9e6bffa2eb221d933.tar
ikiwiki-cf0166347c1b017bba4f99f9e6bffa2eb221d933.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index c08d658c8..317a534ca 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -566,7 +566,8 @@ This bug was reported on 2016-12-17. A partially fixed version
 version was not effective with git versions older than 2.8.0.
 
 ([[!cve CVE-2016-10026]] represents the original vulnerability.
-OVE-20161226-0002 represents the incomplete fix in 3.20161219.)
+[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
+in 3.20161219 caused by the incomplete fix.)
 
 ## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
 
@@ -588,4 +589,4 @@ of them relatively minor:
   could potentially forge commit authorship (attribute their edit to
   someone else) by crafting multiple values for the rcsinfo field
 
-(OVE-20161226-0001)
+([[!cve CVE-2016-9646]]/OVE-20161226-0001)
author	Simon McVittie <smcv@debian.org>	2016-12-29 17:31:30 +0000
committer	Simon McVittie <smcv@debian.org>	2016-12-29 17:36:11 +0000
commit	cf0166347c1b017bba4f99f9e6bffa2eb221d933 (patch)
tree	0e88c7559601a52b39b23ada30f7585c6552555d /doc
parent	078d4208cac9fcd12f9cfc189770de68230abff7 (diff)
download	ikiwiki-cf0166347c1b017bba4f99f9e6bffa2eb221d933.tar ikiwiki-cf0166347c1b017bba4f99f9e6bffa2eb221d933.tar.gz