From 370767bd1f057079881cf4fc38b98aa894b1f010 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 28 Mar 2011 12:56:20 -0400 Subject: severity analysis update --- doc/security.mdwn | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'doc') diff --git a/doc/security.mdwn b/doc/security.mdwn index 53222a3a6..fb211cd12 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -468,8 +468,7 @@ with the comments plugin enabled. ([[!cve CVE-2011-0428]]) Tango noticed that 'meta stylesheet` directives allowed anyone who could upload a malicious stylesheet to a site to add it to a -page as an alternate stylesheet. In order to be exploited, the user -would have to select the alternative stylesheet in their browser. +page as an alternate stylesheet, or replacing the default stylesheet. This hole was discovered on 28 Mar 2011 and fixed the same hour with the release of ikiwiki 3.20110328. An upgrade is recommended for sites -- cgit v1.2.3