Diffstat (limited to 'debian')
-rw-r--r-- | debian/NEWS | 10 |
-rw-r--r-- | debian/changelog | 9 |
2 files changed, 17 insertions, 2 deletions
diff --git a/debian/NEWS b/debian/NEWS index 1dabd1735..87fcc5e63 100644 --- a/debian/NEWS +++ b/debian/NEWS @@ -1,3 +1,13 @@ +ikiwiki (2.14) unstable; urgency=low + + This version of ikiwiki is more picky about symlinks in the path leading + to the srcdir, and will refuse to use a srcdir specified by such a path. + This was necessary to avoid some potential exploits, but could potentially + break (semi-)working wikis. If your wiki has a srcdir path containing a + symlink, you should change it to use a path that does not. + + -- Joey Hess <joeyh@debian.org> Mon, 26 Nov 2007 14:57:57 -0500 + ikiwiki (2.9) unstable; urgency=low Since ikiwiki 2.0 was released, some limitiations have been added to what diff --git a/debian/changelog b/debian/changelog index 456d4b908..299d7d571 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,9 +1,14 @@ -ikiwiki (2.14) UNRELEASED; urgency=low +ikiwiki (2.14) unstable; urgency=high * Let CC be used to control what compiler is used to build wrappers. * Use 'cc' instead of gcc as the default compiler. + * Security fix: Ensure that there are no symlinks anywhere in the path + to the top of the srcdir. In certian unusual configurations, an attacker + who could commit to one of the parent directories of the srcdir could + use a symlink attack to cause ikiwiki to publish files elsewhere in the + filesystem. More details at <http://ikiwiki.info/security/#index29h2> - -- Joey Hess <joeyh@debian.org> Sun, 25 Nov 2007 15:49:49 -0500 + -- Joey Hess <joeyh@debian.org> Mon, 26 Nov 2007 15:26:06 -0500 ikiwiki (2.13) unstable; urgency=low |
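Review bot: In the debian/NEWS hunk, the new 2.14 entry explains the stricter srcdir check only as "necessary to avoid some potential exploits" and gives no pointer to the details, while the changelog entry in the same commit links to <http://ikiwiki.info/security/#index29h2>. An admin whose wiki stops building after the upgrade reads NEWS first, so the same reference belongs here. The entry would also be more actionable if it said that every component of the path leading to the srcdir is checked, not only the final directory, since "a srcdir path containing a symlink" can be read either way. Minor wording: "potential exploits, but could potentially break" repeats itself; "but could break" is enough.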
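Review bot: In the debian/changelog hunk, the added security entry misspells "certain" as "certian" in "In certian unusual configurations". The reference at the end of that entry, "#index29h2", looks like a positional, auto-generated anchor, so it may point at a different section once the security page gains or reorders headings; naming the section title next to the URL would keep the reference usable. The change of urgency from low to high matches a security upload, but the fix is listed third, after two compiler-selection items, so consider moving the "Security fix:" bullet to the top of the entry so it is the first thing a reader of the upload sees.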