
Updates for dokuwiki


Following the instructions of the security team, I have recently
uploaded new versions of my package dokuwiki for stable and oldstable,
fixing a flaw in the RPC interface that allows bypassing the ACL system
in some very specific cases. I am not sure whether you are already aware
of my upload.

Now, another flaw was discovered some days ago, allowing arbitrary
JavaScript links to be inserted in the following case: a wiki page
references an RSS feed; this feed contains specially crafted content.
These are only JavaScript links, which require users to click on them,
but they can be inserted only from external control over the referenced
RSS feed. This affects both the stable and oldstable versions: can I
send an updated package, fixing both the ACL and the RSS problems?


: /` )   Tanguy Ortolo <xmpp:tanguy@ortolo.eu> <irc://irc.oftc.net/Elessar>
| `-'    Debian Maintainer
