From 29e6ff03b078a0c6abb659c9e81343d523d3b13a Mon Sep 17 00:00:00 2001
From: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>
Date: Sat, 10 Feb 2007 20:37:36 +0000
Subject: * Fix a security hole that allowed a web user to edit images and
 other   non-page format files in the wiki. To exploit this, the file already
 had   to exist in the wiki, and the web user would need to somehow use the
 web   based editor to replace it with malicious content.   (Sorry Josh, this
 means you can't edit style.css directly anymore,   although I do appreciate
 your fixes, actually..)

---
 debian/changelog | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'debian')

diff --git a/debian/changelog b/debian/changelog
index d3ec481f8..13293d863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low
     to be used as close to public domain as possible.
   * viewcvs is now viewvc (in Debian unstable), update everything to use the
     new name.
-
- -- Joey Hess <joeyh@debian.org>  Fri,  9 Feb 2007 00:27:59 -0500
+  * Fix a security hole that allowed a web user to edit images and other
+    non-page format files in the wiki. To exploit this, the file already had
+    to exist in the wiki, and the web user would need to somehow use the web
+    based editor to replace it with malicious content.
+    (Sorry Josh, this means you can't edit style.css directly anymore,
+    although I do appreciate your fixes, actually..)
+
+ -- Joey Hess <joeyh@debian.org>  Sat, 10 Feb 2007 15:09:51 -0500
 
 ikiwiki (1.41) unstable; urgency=low
 
-- 
cgit v1.2.3