add CVE link

Joey Hess 2008-04-20 15:25:51 -04:00
parent e62f3f8f95
commit 3912a9f5e9
2 changed files with 2 additions and 1 deletions

debian/changelog

@ -24,6 +24,7 @@ ikiwiki (2.42) unstable; urgency=high
* Fix CSRF attacks against the preferences and edit forms. The fix involved
embedding the session id in the forms, and not allowing the forms to be
submitted if the embedded id does not match the session id. Closes: #475445
(CVE-2008-0165)
-- Joey Hess <joeyh@debian.org> Thu, 03 Apr 2008 02:35:39 -0400
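Review bot: the added "(CVE-2008-0165)" line is a bare parenthetical after "Closes: #475445", and the trailer that follows it is dated 03 Apr 2008 while this commit is dated 2008-04-20. If that version has already been uploaded, the shipped changelog will not carry the CVE id, so confirm that is acceptable or repeat the reference in the next entry. Putting the id on the same line as the bug closure, as in "Closes: #475445 (CVE-2008-0165)", would also keep the two references together for anyone searching the changelog.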


@ -372,7 +372,7 @@ parties.
Cross Site Request Forging could be used to constuct a link that would
change a logged-in user's password or other preferences if they clicked on
the link. It could also be used to construct a link that would cause a wiki
page to be modified by a logged-in user.
page to be modified by a logged-in user. ([[cve CVE-2008-0165]])
These holes were discovered on 10 April 2008 and fixed the same day with
the release of ikiwiki 2.42. A fix was also backported to Debian etch, as
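Review bot: the context line after the changed sentence says the holes "were discovered on 10 April 2008 and fixed the same day with the release of ikiwiki 2.42", but the debian/changelog trailer shown in this same commit is dated 03 Apr 2008. Since this paragraph is being touched to add the CVE reference, reconcile the date here with the changelog. "constuct" in the first line of the paragraph should read "construct", and the paragraph could also state the fix the changelog describes (the session id embedded in the forms and checked on submission) so the security page shows the mitigation next to the CVE.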