aboutsummaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog5
1 files changed, 5 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 86d06bdc6..ccf830b27 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,10 @@
ikiwiki (3.20161220) UNRELEASED; urgency=medium
+ * Security: force CGI::FormBuilder->field to scalar context where
+ necessary, avoiding unintended function argument injection
+ analogous to CVE-2014-1572. In ikiwiki this could be used to
+ forge commit metadata, but thankfully nothing more serious.
+ (OVE-20161226-0001)
* Add CVE references for CVE-2016-10026
* Add missing ikiwiki.setup for the manual test for CVE-2016-10026
* git: don't issue a warning if the rcsinfo CGI parameter is undefined