urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clarify which versions of ikiwiki fixed CVE-2016-9645, -9646

master
Simon McVittie 2016-12-29 20:08:49 +00:00
parent 287bb19883
commit 04e322fd6b
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
doc/security.mdwn
View File

@ -564,6 +564,8 @@ which are both used in most ikiwiki installations.
This bug was reported on 2016-12-17. A partially fixed version
3.20161219 was released on 2016-12-19, but the solution used in that
version was not effective with git versions older than 2.8.0.
A more complete fix was released on 2016-12-29 in version 3.20161229.
A backport to Debian 8 'jessie' is in progress.
([[!cve CVE-2016-10026]] represents the original vulnerability.
[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
@ -589,4 +591,7 @@ of them relatively minor:
could potentially forge commit authorship (attribute their edit to
someone else) by crafting multiple values for the rcsinfo field
This was fixed in ikiwiki 3.20161229. A backport to Debian 8
'jessie' is in progress.
([[!cve CVE-2016-9646]]/OVE-20161226-0001)