From 22acf1872a746af65b2f5487991ff008e52ed1c2 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Wed, 16 May 2012 21:18:40 -0400
Subject: [PATCH] cve

---
 debian/changelog  | 2 +-
 doc/security.mdwn | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c7e4b1d11..9a73f1084 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,7 @@
 ikiwiki (3.20120516) unstable; urgency=high
 
   * meta: Security fix; add missing sanitization of author and authorurl.
-    Thanks, Raúl Benencia
+    CVE-2012-0220 Thanks, Raúl Benencia
 
  -- Joey Hess <joeyh@debian.org>  Wed, 16 May 2012 19:51:27 -0400
 
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 99f40d3f1..c221c8c6d 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -492,6 +492,8 @@ and whose admins run `ikiwiki-mass-rebuild`.
 ## javascript insertion via meta tags
 
 Raúl Benencia discovered an additional XSS exposure in the meta plugin.
+([[!cvs CVE-2012-0220]])
 
 This hole was discovered on 16 May 2012 and fixed the same day with
-the release of ikiwiki 3.20120516.
+the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
+as version 3.20100815.9. An upgrade is recommended for all sites.
-- 
2.32.0.93.g670b81a890