Package: ikiwiki Version: 3.20141016.1 Severity: serious Tags: security fixed-upstream pending Justification: cookie theft via XSS
Raghav Bisht reported a cross-site scripting vulnerability in the handling of the openid_identifier parameter. Unfortunately this was reported in public and while I was 500 miles away from my computer, which is why it has taken me unacceptably long to do a release. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
