severity analysis update

author Joey Hess <joey@kitenet.net>

Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)

committer Joey Hess <joey@kitenet.net>

Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)
author Joey Hess <joey@kitenet.net>
Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)
committer Joey Hess <joey@kitenet.net>
Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)
diff --git a/doc/security.mdwn b/doc/security.mdwn

index 53222a3a63d4a352b842f4aed006ca6484376b60..fb211cd12285fffc8652096d64859f956fc4d95e 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -468,8 +468,7 @@ with the comments plugin enabled. ([[!cve CVE-2011-0428]])
  
  Tango noticed that 'meta stylesheet` directives allowed anyone
  who could upload a malicious stylesheet to a site to add it to a
-page as an alternate stylesheet. In order to be exploited, the user
-would have to select the alternative stylesheet in their browser.
+page as an alternate stylesheet, or replacing the default stylesheet.
  
  This hole was discovered on 28 Mar 2011 and fixed the same hour with
  the release of ikiwiki 3.20110328. An upgrade is recommended for sites
author	Joey Hess <joey@kitenet.net>
	Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)
committer	Joey Hess <joey@kitenet.net>
	Mon, 28 Mar 2011 16:56:20 +0000 (12:56 -0400)