Re: RFS: tikiwiki

To: debian-mentors@lists.debian.org
Subject: Re: RFS: tikiwiki
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Tue, 3 Jan 2006 10:55:28 +0100
Message-id: <[🔎] slrndrkigg.4vj.jmm@inutil.org>
References: <[🔎] 43BA45E5.4070405@better.se>

Marcus Better wrote:
>   Package name    : tikiwiki
>   Version         : 1.9.2

http://moritz-naumann.com/adv/0003/tikiw/0003.txt
Is this fixed in your package, the advisory says that 1.9.2 is affected
as well? (The path disclosure is not an issue, but the XSS could be)

Given that there've been four vulnerabilities in TikiWiki for 2005 alone,
does upstream have a reasonable security policy, e.g. by documenting problems
properly and not just dumping out an undocumented tarball like many other
PHP apps?

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: RFS: tikiwiki
  - From: Marcus Better <marcus@better.se>

References:
- RFS: tikiwiki
  - From: Marcus Better <marcus@better.se>

Prev by Date: RFS: tikiwiki
Next by Date: RE: RFS: directnet -- A serverless, mesh network instant messaging client
Previous by thread: RFS: tikiwiki
Next by thread: Re: RFS: tikiwiki
Index(es):
- Date
- Thread