summaryrefslogtreecommitdiff
path: root/doc/security.mdwn
diff options
context:
space:
mode:
Diffstat (limited to 'doc/security.mdwn')
-rw-r--r--doc/security.mdwn10
1 files changed, 10 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 0841abf49..939d65d01 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -407,3 +407,13 @@ discovered on 30 May 2008 and fixed the same day. ([[!cve CVE-2008-0169]])
I recommend upgrading to 2.48 immediatly if your wiki allows both password
and openid logins.
+
+## Malformed UTF-8 DOS
+
+Feeding ikiwiki page sources containing certian forms of malformed UTF-8
+can cause it to crash. This can potentially be used for a denial of service
+attack.
+
+intrigeri discovered this problem on 12 Nov 2008 and a patch put in place
+later that day, in version 2.70. The fix was backported to testing as version
+2.53.3, and to stable as version 1.33.7.