Add CVE references for CVE-2016-10026
parent
bec3047aff
commit
28409cd358
|
@ -1,3 +1,9 @@
|
||||||
|
ikiwiki (3.20161220) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
|
* Add CVE references for CVE-2016-10026
|
||||||
|
|
||||||
|
-- Simon McVittie <smcv@debian.org> Wed, 21 Dec 2016 13:03:07 +0000
|
||||||
|
|
||||||
ikiwiki (3.20161219) unstable; urgency=medium
|
ikiwiki (3.20161219) unstable; urgency=medium
|
||||||
|
|
||||||
[ Joey Hess ]
|
[ Joey Hess ]
|
||||||
|
@ -8,7 +14,7 @@ ikiwiki (3.20161219) unstable; urgency=medium
|
||||||
* Security: tell `git revert` not to follow renames. If it does, then
|
* Security: tell `git revert` not to follow renames. If it does, then
|
||||||
renaming a file can result in a revert writing outside the wiki srcdir
|
renaming a file can result in a revert writing outside the wiki srcdir
|
||||||
or altering a file that the reverting user should not be able to alter,
|
or altering a file that the reverting user should not be able to alter,
|
||||||
an authorization bypass. Thanks, intrigeri
|
an authorization bypass. Thanks, intrigeri. (CVE-2016-10026)
|
||||||
* cgitemplate: remove some dead code. Thanks, blipvert
|
* cgitemplate: remove some dead code. Thanks, blipvert
|
||||||
* Restrict CSS matches against header class to not break
|
* Restrict CSS matches against header class to not break
|
||||||
Pandoc tables with header rows. Thanks, karsk
|
Pandoc tables with header rows. Thanks, karsk
|
||||||
|
|
|
@ -24,6 +24,9 @@ when reverting.
|
||||||
> I tried to do something more clever (doing the revert, and checking
|
> I tried to do something more clever (doing the revert, and checking
|
||||||
> whether it made changes that aren't allowed) but couldn't get it to
|
> whether it made changes that aren't allowed) but couldn't get it to
|
||||||
> work in a reasonable time, so I'm going with the simpler fix.
|
> work in a reasonable time, so I'm going with the simpler fix.
|
||||||
> [[Fix committed|done]], a release will follow later today. --[[smcv]]
|
> [[Fix committed|done]], a release will follow later today.
|
||||||
|
>
|
||||||
|
> [[!cve CVE-2016-10026]] has been assigned to this vulnerability.
|
||||||
|
> --[[smcv]]
|
||||||
|
|
||||||
>> You rock, thanks a lot! --[[intrigeri]]
|
>> You rock, thanks a lot! --[[intrigeri]]
|
||||||
|
|
|
@ -7,8 +7,8 @@ ikiwiki 3.20161219 released with [[!toggle text="these changes"]]
|
||||||
* Security: tell `git revert` not to follow renames. If it does, then
|
* Security: tell `git revert` not to follow renames. If it does, then
|
||||||
renaming a file can result in a revert writing outside the wiki srcdir
|
renaming a file can result in a revert writing outside the wiki srcdir
|
||||||
or altering a file that the reverting user should not be able to alter,
|
or altering a file that the reverting user should not be able to alter,
|
||||||
an authorization bypass. Thanks, intrigeri
|
an authorization bypass. Thanks, intrigeri. ([[!cve CVE-2016-10026]])
|
||||||
* cgitemplate: remove some dead code. Thanks, blipvert
|
* cgitemplate: remove some dead code. Thanks, blipvert
|
||||||
* Restrict CSS matches against header class to not break
|
* Restrict CSS matches against header class to not break
|
||||||
Pandoc tables with header rows. Thanks, karsk
|
Pandoc tables with header rows. Thanks, karsk
|
||||||
* Make pagestats output more deterministic. Thanks, intrigeri"""]]
|
* Make pagestats output more deterministic. Thanks, intrigeri"""]]
|
||||||
|
|
|
@ -562,4 +562,4 @@ This affects sites with the `git` VCS and the `recentchanges` plugin,
|
||||||
which are both used in most ikiwiki installations.
|
which are both used in most ikiwiki installations.
|
||||||
|
|
||||||
This bug was reported on 2016-12-17. The fixed version 3.20161219
|
This bug was reported on 2016-12-17. The fixed version 3.20161219
|
||||||
was released on 2016-12-19.
|
was released on 2016-12-19. ([[!cve CVE-2016-10026]])
|
||||||
|
|
Loading…
Reference in New Issue