Input passed via the "author" and "authorurl" parameters to meta directives when creating or editing a page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 3.20120516. Solution Update to version 3.20120516.
www-apps/ikiwiki-3.20120516 is in the tree.
Thanks, folks. Closing noglsa for ~arch only package.