Merge remote-tracking branch 'origin/master'

master
Simon McVittie 2016-12-29 21:34:10 +00:00
commit a60f837695
1 changed files with 2 additions and 2 deletions

@ -547,7 +547,7 @@ for sites where an untrusted user is able to attach files with arbitrary
names and/or run a setuid ikiwiki wrapper with a working directory of
their choice.
## Editing restriction bypass for git revert
## <span id="cve-2016-9645">Editing restriction bypass for git revert</span>
intrigeri discovered that a web or git user could revert a change to a
page they are not allowed to edit, if the change being reverted was made
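Review bot: the heading that gains `<span id="cve-2016-9645">` ties the whole "Editing restriction bypass for git revert" section to one identifier, yet the context lines of the next hunk say that CVE-2016-9645/OVE-20161226-0002 represents specifically the vulnerability in 3.20161219 caused by the incomplete fix. If the section also describes the original issue under a separate identifier, give that identifier its own anchor on the same heading or on the paragraph that introduces it, so that a link by either id resolves to this section.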
@ -571,7 +571,7 @@ A backport to Debian 8 'jessie' is in progress.
[[!cve CVE-2016-9645]]/OVE-20161226-0002 represents the vulnerability
in 3.20161219 caused by the incomplete fix.)
## Commit metadata forgery via CGI::FormBuilder context-dependent APIs
## <span id="cve-2016-9646">Commit metadata forgery via CGI::FormBuilder context-dependent APIs</span>
When CGI::FormBuilder->field("foo") is called in list context (and
in particular in the arguments to a subroutine that takes named
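Review bot: on the "Commit metadata forgery via CGI::FormBuilder context-dependent APIs" heading the new id is lowercase (`cve-2016-9646`), while the page prints identifiers in uppercase, as in `[[!cve CVE-2016-9645]]` just above. Fragment identifiers are matched case-sensitively, so a link built from the identifier as printed will not reach the anchor; note the lowercase convention wherever these anchors are linked from. Since the visible lines of this section name no CVE, also confirm that the section body cites CVE-2016-9646 so the id matches the text.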