Re: Updates for dokuwiki
On 23/06/2011 14:41, Tanguy Ortolo wrote:
> Hello,
>
> Following the instructions of the security team, I have recently
> uploaded new versions of my package dokuwiki for stable and oldstable,
> fixing a flaw in the RPC interface that allows bypassing the ACL system
> in some very specific cases. I am not sure that you are already aware of
> my upload.
>
> Now, another flaw has been discovered some days ago, allowing insertion of
> arbitrary JavaScript links in the following case: a wiki page references
> an RSS feed; this feed contains specially crafted content. These are
> only JavaScript links, that require users to click on them, but that can
> be inserted from an external control over the referenced RSS feed only.
> This affects both the stable and oldstable version: can I send an
> updated package, fixing both the ACL and the RSS problems?
>
ask -security?
> Regards,
>
--
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/