[SECURITY] [DLA 1269-1] dokuwiki security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : dokuwiki
Version : 0.0.20120125b-2+deb7u2
CVE ID : CVE-2017-18123
Debian Bug : #889281
It was discovered that an XHR/AJAX call did not properly encode user
input in the "dokuwiki" wiki platform. This resulted in a reflected file
download vulnerability.
For Debian 7 "Wheezy", this issue has been fixed in dokuwiki version
0.0.20120125b-2+deb7u2.
We recommend that you upgrade your dokuwiki packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlp24lAACgkQHpU+J9Qx
Hlgg/g//SYrRWtCzVZiOwFE2tAEaBZtQi9OyCyPV6jYfRaSAAPOtgYSpTlzHpF6Q
SUXfjbX90tW5nlpz7onygQeBbGmgUtlbpJlI5bwXb4FiYAxftpv/AIhmRRLQbxdR
Y/pMYZJ8rK+qFiZKp3j0b59aBFiF51ZI6KJ/qfhcqR/dWTEXjmblTKSmMmRHMRxP
P1DV8iDnQgm3J/PxKcq0x44xZTyTQuxESV+l5qstWDm9aNc9npfgNvDEBp7Aoqo6
JQc4p1vRGcwsiYN+oAvzinA+sg934+G1Jrtox+p3expAeZaOfhqrb3GZhmSAd02k
fMmMloA+gV+REe7QpOPALJXy1vhdUAsQcSeOgKrEY0BAjczEnv6I49WbbfVjg0Oy
lCGrJZR4AuXjtVDnwYYWwQugL1wzxyw4WEx6qKuu5j5fcRx/Np6jixNEAALaJWYi
Sj00feFelhlJ7Jx66ucipgyPgPs0ZXxhwA7T5QwshS71ZhW/GWAfP8oeFjXMB8xu
ovyTVkL2ubtDYhqu3c7Hji8ejpukmFHt/aVAaiZkloFEutRaKt95XBMAz+e6fuAt
Z+gDRoEPmFSNTeBMfcG30rQOm91l48rlA01oZANAiqeUxuhC85EhKa1jGT8x52rs
bWwyKT1r73wHcAyAPcKT+xkoyCEUGUjKoUVtzafdl8Ug66ZF/FE=
=tT4k
-----END PGP SIGNATURE-----
Reply to: