Debian Bug report logs - #370369
dokuwiki: CVE-2006-2878: remote arbitrary code execution
Reported by: Hilko Bengen <bengen@hilluzination.de>
Date: Sun, 4 Jun 2006 20:48:16 UTC
Severity: critical
Fixed in version 0.0.20060309-4
Done: Matti Pöllä <mpo@iki.fi>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Hilko Bengen <bengen@debian.org>, Matti Pöllä <mpo@iki.fi>: Bug#370369; Package dokuwiki.
Acknowledgement sent to Hilko Bengen <bengen@hilluzination.de>: New Bug report received and forwarded. Copy sent to Hilko Bengen <bengen@debian.org>, Matti Pöllä <mpo@iki.fi>.
Message #5 received at submit@bugs.debian.org:
Package: dokuwiki
Severity: critical
I just got this notice via freshmeat. Arbitrary code execution,
remotely exploitable. No assigned CVE number, yet.
Cheers,
-Hilko
-------------------- Start of forwarded message --------------------
From: <noreply@freshmeat.net>
To: <noreply@freshmeat.net>
Subject: [fmII] Serious security flaw in DokuWiki
Message-Id: <20060604183538.2D03648197@mail.freshmeat.net>
Date: Sun, 4 Jun 2006 11:35:38 -0700 (PDT)
This is an email sent to you by the owners of the freshmeat.net project
record for DokuWiki. All URLs and other useful information can be found
at
http://freshmeat.net/projects/dokuwiki/
________________________| Subscriber message |_________________________
Sent by: Andreas Gohr
http://freshmeat.net/~agohr/
Hello everybody!
Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediately.
Users who don't use the spellchecking feature can fix the bug by simply
deleting the lib/exe/spellcheck.php file.
Detailed information on how to fix the problem properly is available at
http://bugs.splitbrain.org/?do=details&id=823
The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another
minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820
Regards,
Andi
__________________________| End of message |___________________________
[...]
-------------------- End of forwarded message --------------------
Tags added: pending. Request was from Matti Pöllä <mpo@iki.fi> to control@bugs.debian.org.
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#370369; Package dokuwiki.
Acknowledgement sent to Matti Pöllä <mpo@iki.fi>: Extra info received and forwarded to list.
Message #12 received at 370369@bugs.debian.org:
Both of the recent security bugs have now been fixed in
dokuwiki_0.0.20060309-4 which will be uploaded (by a sponsor) soon. In
the meantime, the packages are available at
http://users.tkk.fi/~mpolla/debian/
cheers,
-Matti
Changed Bug title. Request was from Alec Berryman <alec@thened.net> to control@bugs.debian.org.
Reply sent to Matti Pöllä <mpo@iki.fi>: You have taken responsibility.
Notification sent to Hilko Bengen <bengen@hilluzination.de>: Bug acknowledged by developer.
Message #19 received at 370369-done@bugs.debian.org:
Version: 0.0.20060309-4
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org (Tue, 26 Jun 2007 09:52:50 GMT).
Last modified: Wed Jun 19 18:29:48 2019