add CVE ids

author Joey Hess <joey@kodama.kitenet.net>

Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)

committer Joey Hess <joey@kodama.kitenet.net>

Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)
author Joey Hess <joey@kodama.kitenet.net>
Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)
committer Joey Hess <joey@kodama.kitenet.net>
Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)
diff --git a/doc/security.mdwn b/doc/security.mdwn

index 9259209eeb34e99714d247dfee1144e929c90533..723daeccc4afa9a635f2bc0bd3dede11e1244eb6 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -356,9 +356,10 @@ allow the security hole to be exploited.
  ## javascript insertion via uris
  
  The htmlscrubber did not block javascript in uris. This was fixed by adding
-a whitelist of valid uri types, which does not include javascript. Some
-urls specifyable by the meta plugin could also theoretically have been used
-to inject javascript; this was also blocked.
+a whitelist of valid uri types, which does not include javascript. 
+([[cve CVE-2008-0809]]) Some urls specifyable by the meta plugin could also
+theoretically have been used to inject javascript; this was also blocked
+([[cve CVE-2008-0808]]).
  
  This hole was discovered on 10 February 2008 and fixed the same day
  with the release of ikiwiki 2.31.1. (And a few subsequent versions..)
author	Joey Hess <joey@kodama.kitenet.net>
	Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)
committer	Joey Hess <joey@kodama.kitenet.net>
	Wed, 20 Feb 2008 21:48:38 +0000 (16:48 -0500)