Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index d3ec481f8..13293d863 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low to be used as close to public domain as possible. * viewcvs is now viewvc (in Debian unstable), update everything to use the new name. - - -- Joey Hess <joeyh@debian.org> Fri, 9 Feb 2007 00:27:59 -0500 + * Fix a security hole that allowed a web user to edit images and other + non-page format files in the wiki. To exploit this, the file already had + to exist in the wiki, and the web user would need to somehow use the web + based editor to replace it with malicious content. + (Sorry Josh, this means you can't edit style.css directly anymore, + although I do appreciate your fixes, actually..) + + -- Joey Hess <joeyh@debian.org> Sat, 10 Feb 2007 15:09:51 -0500 ikiwiki (1.41) unstable; urgency=low |
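Review bot: The new security entry lands in the stanza the hunk header shows as `ikiwiki (1.42) UNRELEASED; urgency=low`, so a release whose changelog announces a fix for web users editing images and other non-page format files would still go out at low urgency; consider raising the urgency when the release is finalized. The entry states the exploit preconditions (the file must already exist, and the web editor must be used to replace it) but not which earlier versions are affected or what check now rejects such an edit, and an admin deciding whether to upgrade would want both. The diff in this view is limited to debian/changelog, so the code change behind the entry cannot be checked against its description here.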