cve id

[ikiwiki.git] / debian / changelog

diff --git a/debian/changelog b/debian/changelog
index 86f1f036dfd22fc61470cbfd37cf82c425e31b0c..02796394b947a17225df72e4808c4bfc0955c9ed 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
 ikiwiki (2.49) UNRELEASED; urgency=low
 
   * haiku: Generate valid xhtml.
+  * ikiwiki-mass-rebuild: Don't trust $! when setting $)
+  * inline: The optimisation in 2.41 broke nested inlines. Detect those
+    and avoid overoptimising.
 
  -- Joey Hess <joeyh@debian.org>  Fri, 30 May 2008 19:08:54 -0400
 
@@ -8,7 +11,7 @@ ikiwiki (2.48) unstable; urgency=high
 
   * Fix security hole that occurred if openid and passwordauth were both
     enabled. passwordauth would allow logging in as a known openid, with an
-    empty password. Closes: #483770
+    empty password. Closes: #483770 (CVE-2008-0169)
   * Add rel=nofollow to edit links. This may prevent some spiders from
     pounding on the cgi following edit links.
   * passwordauth: If Authen::Passphrase is installed, use it to store