CSRF vulnerability in ikiwiki

[Florian Weimer <fw () deneb enyo de>]

This is:

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475445>

Steven, could we get a CVE, please?  Full description follows (version
1.33.5 has not yet been released, but will follow once I've got a CVE 8-).

## Cross Site Request Forging

Cross Site Request Forging could be used to constuct a link that would
change a logged-in user's password or other preferences if they clicked on
the link. It could also be used to construct a link that would cause a wiki
page to be modified by a logged-in user.

These holes were discovered on 10 April 2008 and fixed the same day with
the release of ikiwiki 2.42. A fix was also backported to Debian etch, as
version 1.33.5. I recommend upgrading to one of these versions.