dokuwiki: CVE-2014-9253

Related Vulnerabilities: CVE-2014-9253, CVE-2014-8764, CVE-2014-8763, CVE-2015-2172

Debian Bug report logs - #773429


Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 18 Dec 2014 10:09:02 UTC

Severity: important

Tags: security

Fixed in version dokuwiki/0.0.20140929.d-1

Done: Tanguy Ortolo <tanguy+debian@ortolo.eu>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Tanguy Ortolo <tanguy+debian@ortolo.eu>:
Bug#773429; Package dokuwiki. (Thu, 18 Dec 2014 10:09:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Tanguy Ortolo <tanguy+debian@ortolo.eu>. (Thu, 18 Dec 2014 10:09:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dokuwiki: CVE-2014-9253
Date: Thu, 18 Dec 2014 11:02:57 +0100
Package: dokuwiki
Severity: important
Tags: security

Hi,
please see 
http://security.szurek.pl/dokuwiki-20140929a-xss.html
https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960

Since sid and jessie differ in versions, please make a targeted jessie
upload (along with fixes for
https://security-tracker.debian.org/tracker/CVE-2014-8764 and 
https://security-tracker.debian.org/tracker/CVE-2014-8763 )

Cheers,
        Moritz



Reply sent to Tanguy Ortolo <tanguy+debian@ortolo.eu>:
You have taken responsibility. (Sun, 22 Mar 2015 18:51:09 GMT)


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 22 Mar 2015 18:51:09 GMT)


Message #10 received at 773429-close@bugs.debian.org:

From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
To: 773429-close@bugs.debian.org
Subject: Bug#773429: fixed in dokuwiki 0.0.20140929.d-1
Date: Sun, 22 Mar 2015 18:48:59 +0000
Source: dokuwiki
Source-Version: 0.0.20140929.d-1

We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 773429@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tanguy Ortolo <tanguy+debian@ortolo.eu> (supplier of updated dokuwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Mar 2015 17:00:41 +0100
Source: dokuwiki
Binary: dokuwiki
Architecture: source all
Version: 0.0.20140929.d-1
Distribution: unstable
Urgency: medium
Maintainer: Tanguy Ortolo <tanguy+debian@ortolo.eu>
Changed-By: Tanguy Ortolo <tanguy+debian@ortolo.eu>
Description:
 dokuwiki   - standards compliant simple to use wiki
Closes: 773429 779547 780817
Changes:
 dokuwiki (0.0.20140929.d-1) unstable; urgency=medium
 .
   * New upstream hotfix releases:
      + prevent XSS attack via SWF uploads. (CVE-2014-9253) (Closes: #773429)
      + fix privilege escalation in RPC API (CVE-2015-2172) (Closes: #779547)
      + fix an XSS vulnerability in the user manager (Closes: #780817)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 20 Apr 2015 07:26:02 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:30:36 2019; Machine Name: buxtehude
