-rw-r--r-- doc/security.mdwn 5
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 317a534ca..823f5ef88 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -564,6 +564,8 @@ which are both used in most ikiwiki installations.
This bug was reported on 2016-12-17. A partially fixed version
3.20161219 was released on 2016-12-19, but the solution used in that
version was not effective with git versions older than 2.8.0.
+A more complete fix was released on 2016-12-29 in version 3.20161229.
+A backport to Debian 8 'jessie' is in progress.
([[!cve CVE-2016-10026]] represents the original vulnerability.
[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
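Review bot: "A backport to Debian 8 'jessie' is in progress" on the second added line is a point-in-time status with no date attached, so in a long-lived security page it will read as current long after it stops being true. Consider dating the statement, or following up with the fixed jessie package version once it exists. The preceding context says the 3.20161219 fix "was not effective with git versions older than 2.8.0", so "A more complete fix" would also be clearer if it said outright whether 3.20161229 covers those older git versions.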
@@ -589,4 +591,7 @@ of them relatively minor:
could potentially forge commit authorship (attribute their edit to
someone else) by crafting multiple values for the rcsinfo field
+This was fixed in ikiwiki 3.20161229. A backport to Debian 8
+'jessie' is in progress.
+
([[!cve CVE-2016-9646]]/OVE-20161226-0001)
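Review bot: "This was fixed in ikiwiki 3.20161229" has an unclear referent: it follows a list of several issues (the hunk header shows "of them relatively minor:"), and "This" could mean only the last item about forging commit authorship through the rcsinfo field, or the whole group. Naming the subject, for example "These issues were fixed in ..." or "The rcsinfo issue was fixed in ...", would remove the ambiguity. The wording also differs from the first hunk, which gives the release date (2016-12-29) alongside the version; using the same form in both places would keep the page consistent. The undated "in progress" backport statement will go stale here as well.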