From: Joey Hess <joey@kodama.kitenet.net>
Date: Sun, 10 Feb 2008 23:39:42 +0000 (-0500)
Subject: update changelog after cherry-picking all relevent fixes
X-Git-Tag: 1.33.5~4
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8f788fa1e1489c27959f161ed46f96ddf009d0ee;p=ikiwiki.git

update changelog after cherry-picking all relevent fixes
---

diff --git a/debian/changelog b/debian/changelog
index 7dd7a2a29..d2dbe592d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,11 @@
 ikiwiki (1.33.4) stable-security; urgency=high
 
   * htmlscrubber security fix: Block javascript in uris. Closes: #465110
+  * meta: Check that the urls provided for authorurl, permalink, and openid
+    are safe and can't contain javascript.
   * Add htmlscrubber test suite.
+  * Thanks to Josh Triplett for pointing out the holes and for his help
+    in implementing and checking fixes.
 
  -- Joey Hess <joeyh@debian.org>  Sun, 10 Feb 2008 13:34:28 -0500