Re: Updates for dokuwiki
On 23/06/2011 14:41, Tanguy Ortolo wrote:
> Following the instructions of the security team, I have recently
> uploaded new versions of my package dokuwiki for stable and oldstable,
> fixing a flaw in the RPC interface that allows to bypass the ACL system
> in some very specific cases. I am not sure that you are already aware of
> my upload.
> Now, another flaw has been discovered some days ago, allowing to insert
> an RSS feed; this feed contains specially crafted content. These are
> be inserted from an external control over the referenced RSS feed only.
> This affects both the stable and oldstable version: can I send an
> updated package, fixing both the ACL and the RSS problems?
Mehdi Dogguy مهدي الدڤي