From c1289de1eff4c0b4b2cd47e61b2273970e327009 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kodama.kitenet.net>
Date: Sat, 31 May 2008 20:16:18 -0400
Subject: cve id

---
 doc/news/version_2.48.mdwn | 1 +
 doc/security.mdwn          | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'doc')

diff --git a/doc/news/version_2.48.mdwn b/doc/news/version_2.48.mdwn
index a0c52f4e8..76dbd7ddc 100644
--- a/doc/news/version_2.48.mdwn
+++ b/doc/news/version_2.48.mdwn
@@ -13,6 +13,7 @@ ikiwiki 2.48 released with [[toggle text="these changes"]]
    * Fix security hole that occurred if openid and passwordauth were both
      enabled. passwordauth would allow logging in as a known openid, with an
      empty password. Closes: #[483770](http://bugs.debian.org/483770)
+     (CVE-2008-0169)
    * Add rel=nofollow to edit links. This may prevent some spiders from
      pounding on the cgi following edit links.
    * passwordauth: If Authen::Passphrase is installed, use it to store
diff --git a/doc/security.mdwn b/doc/security.mdwn
index b2e076ec4..57cac719f 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -403,7 +403,7 @@ passwords in cleartext over the net to log in, either.
 This hole allowed ikiwiki to accept logins using empty passwords, to openid
 accounts that didn't use a password. It was introduced in version 1.34, and
 fixed in version 2.48. The [bug](http://bugs.debian.org/483770) was
-discovered on 30 May 2008 and fixed the same day.
+discovered on 30 May 2008 and fixed the same day. ([[cve CVE-2008-0169]])
 
 I recommend upgrading to 2.48 immediatly if your wiki allows both password
 and openid logins.
-- 
cgit v1.2.3