+
+## tty hijacking via ikiwiki-mass-rebuild
+
+Ludwig Nussel discovered a way for users to hijack root's tty when
+ikiwiki-mass-rebuild was run. Additionally, there was some potential
+for information disclosure via symlinks.
+
+This hole was disconvered on 8 June 2011 and fixed the same day with
+the release of ikiwiki 3.20110608. Note that the fix is dependant on
+a su that has a similar hole fixed; [[!debbug 628843]] tracks fixing
+the hole in Debian's su. An upgrade is a must for any sites whose
+admins run ikiwiki-mass-rebuild.