diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 86d06bdc6..ccf830b27 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,10 @@ ikiwiki (3.20161220) UNRELEASED; urgency=medium + * Security: force CGI::FormBuilder->field to scalar context where + necessary, avoiding unintended function argument injection + analogous to CVE-2014-1572. In ikiwiki this could be used to + forge commit metadata, but thankfully nothing more serious. + (OVE-20161226-0001) * Add CVE references for CVE-2016-10026 * Add missing ikiwiki.setup for the manual test for CVE-2016-10026 * git: don't issue a warning if the rcsinfo CGI parameter is undefined |