add CVE link

author Joey Hess <joey@kodama.kitenet.net>

Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)

committer Joey Hess <joey@kodama.kitenet.net>

Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)
author Joey Hess <joey@kodama.kitenet.net>
Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)
committer Joey Hess <joey@kodama.kitenet.net>
Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)
diff --git a/debian/changelog b/debian/changelog

index 2b3b756f8e2de91d2dba1ef506dac6612762ab57..bd2ed8afd9ff23954004c8c1570ef0370cb7cdbf 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -24,6 +24,7 @@ ikiwiki (2.42) unstable; urgency=high
    * Fix CSRF attacks against the preferences and edit forms. The fix involved
      embedding the session id in the forms, and not allowing the forms to be
      submitted if the embedded id does not match the session id. Closes: #475445
+    (CVE-2008-0165)
  
   -- Joey Hess <joeyh@debian.org>  Thu, 03 Apr 2008 02:35:39 -0400
  
diff --git a/doc/security.mdwn b/doc/security.mdwn

index bbbc98e1f4c39165efc62033e5b79fd282ee1ac9..fc993728844b9b7afd1bfb8070e542042c18ff92 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -372,7 +372,7 @@ parties.
  Cross Site Request Forging could be used to constuct a link that would
  change a logged-in user's password or other preferences if they clicked on
  the link. It could also be used to construct a link that would cause a wiki
-page to be modified by a logged-in user.
+page to be modified by a logged-in user. ([[cve CVE-2008-0165]])
  
  These holes were discovered on 10 April 2008 and fixed the same day with
  the release of ikiwiki 2.42. A fix was also backported to Debian etch, as
author	Joey Hess <joey@kodama.kitenet.net>
	Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)
committer	Joey Hess <joey@kodama.kitenet.net>
	Sun, 20 Apr 2008 19:25:51 +0000 (15:25 -0400)
debian/changelog		patch \| blob \| history
doc/security.mdwn		patch \| blob \| history