backport

author Joey Hess <joey@kitenet.net>

Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)

committer Joey Hess <joey@kitenet.net>

Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)
author Joey Hess <joey@kitenet.net>
Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)
committer Joey Hess <joey@kitenet.net>
Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)
diff --git a/doc/security.mdwn b/doc/security.mdwn

index 5fb85a469daf4fd59f5f700323fe690438eb23b3..52d9d3dc0c4ee820a3a40ae79e7a5f16ad925999 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -460,5 +460,6 @@ Dave B noticed that attempting to comment on an illegal page name could be
  used for an XSS attack.
  
  This hole was discovered on 22 Jan 2011 and fixed the same day with
-the release of ikiwiki 3.20110122. An upgrade is recommended for sites
+the release of ikiwiki 3.20110122. A fix was backported to Debian squeeze,
+as version 3.20100815.5. An upgrade is recommended for sites
  with the comments plugin enabled. ([[!cve CVE-2011-0428]])
author	Joey Hess <joey@kitenet.net>
	Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)
committer	Joey Hess <joey@kitenet.net>
	Sat, 22 Jan 2011 15:51:00 +0000 (11:51 -0400)