3 files changed, 3 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index 7a3f6061f..02796394b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,7 +11,7 @@ ikiwiki (2.48) unstable; urgency=high
 
   * Fix security hole that occurred if openid and passwordauth were both
     enabled. passwordauth would allow logging in as a known openid, with an
-    empty password. Closes: #483770
+    empty password. Closes: #483770 (CVE-2008-0169)
   * Add rel=nofollow to edit links. This may prevent some spiders from
     pounding on the cgi following edit links.
   * passwordauth: If Authen::Passphrase is installed, use it to store
diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn
index a0c52f4e8..76dbd7ddc 100644
--- a/doc/news/version_2.48.mdwn
+++ b/doc/news/version_2.48.mdwn
@@ -13,6 +13,7 @@ ikiwiki 2.48 released with [[toggle text="these changes"]]
    * Fix security hole that occurred if openid and passwordauth were both
      enabled. passwordauth would allow logging in as a known openid, with an
      empty password. Closes: #[483770](http://bugs.debian.org/483770)
+     (CVE-2008-0169)
    * Add rel=nofollow to edit links. This may prevent some spiders from
      pounding on the cgi following edit links.
    * passwordauth: If Authen::Passphrase is installed, use it to store
diff --git a/doc/security.mdwn b/doc/security.mdwn
index b2e076ec4..57cac719f 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -403,7 +403,7 @@ passwords in cleartext over the net to log in, either.
 This hole allowed ikiwiki to accept logins using empty passwords, to openid
 accounts that didn't use a password. It was introduced in version 1.34, and
 fixed in version 2.48. The [bug](http://bugs.debian.org/483770) was
-discovered on 30 May 2008 and fixed the same day.
+discovered on 30 May 2008 and fixed the same day. ([[cve CVE-2008-0169]])
 
 I recommend upgrading to 2.48 immediatly if your wiki allows both password
 and openid logins.