Debian Bug report logs - #357436
CVE-2006-1165: XSS in mediamanager module
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 17 Mar 2006 11:34:39 UTC
Severity: grave
Tags: security
Fixed in version dokuwiki/0.0.20060309-3
Done: Matti Pöllä <mpo@iki.fi>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Matti Pöllä <mpo@iki.fi>: Bug#357436; Package dokuwiki.
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Matti Pöllä <mpo@iki.fi>.
Message #5 received at submit@bugs.debian.org:
Package: dokuwiki
Severity: grave
Tags: security
Justification: user security hole
Quoting from upstream changes:
Release 2006-03-05
* XSS security fix for handling EXIF data in the mediamanager
This is CVE-2006-1165.
Cheers,
Moritz
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Reply sent to Matti Pöllä <mpo@iki.fi>: You have taken responsibility.
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer.
Message #10 received at 357436-close@bugs.debian.org:
Source: dokuwiki
Source-Version: 0.0.20060309-3
We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive:
dokuwiki_0.0.20060309-3.diff.gz
to pool/main/d/dokuwiki/dokuwiki_0.0.20060309-3.diff.gz
dokuwiki_0.0.20060309-3.dsc
to pool/main/d/dokuwiki/dokuwiki_0.0.20060309-3.dsc
dokuwiki_0.0.20060309-3_all.deb
to pool/main/d/dokuwiki/dokuwiki_0.0.20060309-3_all.deb
dokuwiki_0.0.20060309.orig.tar.gz
to pool/main/d/dokuwiki/dokuwiki_0.0.20060309.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 357436@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matti Pöllä <mpo@iki.fi> (supplier of updated dokuwiki package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 26 Apr 2006 01:14:30 +0300
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20060309-3
Distribution: unstable
Urgency: medium
Maintainer: Matti Pöllä <mpo@iki.fi>
Changed-By: Matti Pöllä <mpo@iki.fi>
Description:
dokuwiki - a standards compliant simple to use wiki
Closes: 331612 340497 343615 346567 347818 350303 350794 351294 356693 357436
Changes:
dokuwiki (0.0.20060309-3) unstable; urgency=low
.
* Revised dependency list
.
dokuwiki (0.0.20060309-2) unstable; urgency=low
.
* Added build-dependency to dpatch
.
dokuwiki (0.0.20060309-1) unstable; urgency=medium
.
* New upstream release (Closes: #356693, #357436)
.
dokuwiki (0.0.20050922-7) unstable; urgency=low
.
* Select target webserver using debconf instead of unconditionally
installing to all available servers. (Closes: #350303)
* Check whether apache configuration file needs to be linked.
* Fixed permissions for /var/lib/dokuwiki. (Closes: #350794)
.
dokuwiki (0.0.20050922-6) unstable; urgency=low
.
* Maintainer scripts no longer modify apache configuration
files. (Closes: #340497)
.
dokuwiki (0.0.20050922-5) unstable; urgency=low
.
* Added a patch to remove CC license declaration in
the page footer. (Closes: #343615)
* Removed unnecessary rewrite rules in Apache configuration
and using the supplied .htaccess file instead.
* Test whether ucf exists when purging.
* Allow use with php5. (Closes: #351294)
* New German debconf template (thanks, Erik Schanze; Closes: #346567)
* New Swedish debconf template (thanks, Daniel Nylander; Closes: #347818)
* Whole source licensed with GPL (Closes: #331612)
Files:
d138197d9342461fad7464e112f4d62d 620 web optional dokuwiki_0.0.20060309-3.dsc
d67c854712347e7c3cdba6b4a951c533 834975 web optional dokuwiki_0.0.20060309.orig.tar.gz
802796c779b17463c2a1bc960c4591ee 30656 web optional dokuwiki_0.0.20060309-3.diff.gz
c06597ce7ec6fbb8945c1f3ee82641b8 861704 web optional dokuwiki_0.0.20060309-3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEUjrrJkMZOMmr+9MRAm8uAKCn7ZgCNA0m0cFHeL7Zaep7paG6UQCfTlMS
1RTbMLPh7a9WyA0DEHCzB80=
=+T9S
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Jun 2007 05:41:58 GMT)