
Re: Updates for dokuwiki



On 23/06/2011 14:41, Tanguy Ortolo wrote:
> Hello,
> 
> Following the instructions of the security team, I have recently
> uploaded new versions of my package dokuwiki for stable and oldstable,
> fixing a flaw in the RPC interface that allows bypassing the ACL system
> in some very specific cases. I am not sure that you are already aware of
> my upload.
> 
> Now, another flaw has been discovered some days ago, allowing the insertion
> of arbitrary JavaScript links in the following case: a wiki page references
> an RSS feed; this feed contains specially crafted content. These are
> only JavaScript links, that require users to click on them, but that can
> be inserted from an external control over the referenced RSS feed only.
> This affects both the stable and oldstable version: can I send an
> updated package, fixing both the ACL and the RSS problems?
> 

ask -security?

> Regards,
> 


-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

