projects
/
ikiwiki.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
c963cf3
)
update changelog after cherry-picking all relevent fixes
author
Joey Hess
<joey@kodama.kitenet.net>
Sun, 10 Feb 2008 23:39:42 +0000
(18:39 -0500)
committer
Joey Hess
<joey@kodama.kitenet.net>
Sun, 10 Feb 2008 23:39:42 +0000
(18:39 -0500)
debian/changelog
patch
|
blob
|
history
diff --git
a/debian/changelog
b/debian/changelog
index 7dd7a2a29101cbb61f1727ee2a5a27903cc4c731..d2dbe592db31b1cc469f4d8660a381cee9915cd5 100644
(file)
--- a/
debian/changelog
+++ b/
debian/changelog
@@
-1,7
+1,11
@@
ikiwiki (1.33.4) stable-security; urgency=high
* htmlscrubber security fix: Block javascript in uris. Closes: #465110
+ * meta: Check that the urls provided for authorurl, permalink, and openid
+ are safe and can't contain javascript.
* Add htmlscrubber test suite.
+ * Thanks to Josh Triplett for pointing out the holes and for his help
+ in implementing and checking fixes.
-- Joey Hess <joeyh@debian.org> Sun, 10 Feb 2008 13:34:28 -0500