Bug#684975: unblock: dokuwiki/dokuwiki_0.0.20120125b-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#684975: unblock: dokuwiki/dokuwiki_0.0.20120125b-1
From: Tanguy Ortolo <tanguy+debian@ortolo.eu>
Date: Wed, 15 Aug 2012 12:10:48 +0200
Message-id: <[🔎] 20120815101048.23552.65164.reportbug@clarke.ortolo.eu>
Reply-to: Tanguy Ortolo <tanguy+debian@ortolo.eu>, 684975@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Please unblock package dokuwiki

Current version in testing 0.0.20120125a-1 has a security flaw #683378. There
is a new upstream version, 0.0.20120125b, which fixes this and only this.

I am not convinced that this fits into the release policy, since it does not
fix an RC bug, only a security one. Additionally, it consists in a new upstream
version, which adds to this uncertainty regarding the policy. For this reason I
have not uploaded it to unstable yet. Attached it a debdiff of the updated
package, please advice.

unblock dokuwiki/dokuwiki_0.0.20120125b-1

Regards,

- -- 
Tanguy Ortolo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJQK3WjAAoJEOryzVHFAGgZIZcQAI2FAkfA1VfwMayzJeOMwmye
asHVV2eTQq4IeNyGnAMoV+lBbT6RwTxgnH7IwJWQcasWe3J47lmkRVDgi6mk/Eq9
+pk0qLuQQP1pte56flth0vrBhZ/1XCg2YVSFLLhoUSBwtxg5EPL1BjL8MFCU7ba3
4k22TFhLGZLK1tqH9r/o5Nh9xdmoE6mldKSBkmDhZqd8BoFdvVd5RmwcdtpmYpCw
9+ywAE61gj1DTg7m/4SzRtfrJ0rh+9cKVveNc08SsvG1hlcw/qJWlCcbDwagkrwF
9rZ3vGjZV87sSpR2SBdJQz9SswcArKm7r2YUqQ6I1dNvKu7UkX3T6E13MQJa/pZ3
LxhEV8ITREyvAU1/0+vLSjxpa66hUx/pMwuobIHrSkAd7XWlEptnu2g+uLrDHcd/
vInKyCQq83K3OsKsf3c3wVPdWQRwOaYnFOci4t1ud0g8swhPpUaAHKZTKUb74Wmd
AbD3x7t7EgFZb+OkthHUyW8Hm0g9Rr9+zFoh56OcCmJlz8FJQVRD3L5cb4cs/6UN
1WssfA0+BFe/vNT6qEeceUNuSAOa8yfTflm4N8FVv7kX7q7KQ80HxP75yJ4HKGh9
Q2FAz55N05Z0SeiQhnQi6rODZaEmauWn/oDjOvI8kr4i3uVwhp975egM+g1j2CIr
aJ9tF4198Bh2hwFRwsY0
=w/oh
-----END PGP SIGNATURE-----

diff -Nru dokuwiki-0.0.20120125a/debian/changelog dokuwiki-0.0.20120125b/debian/changelog
--- dokuwiki-0.0.20120125a/debian/changelog	2012-05-05 14:28:26.000000000 +0200
+++ dokuwiki-0.0.20120125b/debian/changelog	2012-08-15 11:59:25.000000000 +0200
@@ -1,3 +1,11 @@
+dokuwiki (0.0.20120125b-1) unstable; urgency=high
+
+  * New upstream bugfix release: sanitize a POST parameter that could be used
+    to inject artitrary HTML and JavaScript, leading to an XSS vulnerability.
+    (CVE-2012-0283) (Closes: #683378)
+
+ -- Tanguy Ortolo <tanguy+debian@ortolo.eu>  Wed, 15 Aug 2012 11:46:36 +0200
+
 dokuwiki (0.0.20120125a-1) unstable; urgency=high
 
   * New upstream bugfix release: properly escape an error messages that could
diff -Nru dokuwiki-0.0.20120125a/doku.php dokuwiki-0.0.20120125b/doku.php
--- dokuwiki-0.0.20120125a/doku.php	2012-04-19 12:12:33.000000000 +0200
+++ dokuwiki-0.0.20120125b/doku.php	2012-07-13 13:13:57.000000000 +0200
@@ -7,7 +7,7 @@
  */
 
 // update message version
-$updateVersion = 36.1;
+$updateVersion = 36.2;
 
 //  xdebug_start_profiling();
 
diff -Nru dokuwiki-0.0.20120125a/inc/template.php dokuwiki-0.0.20120125b/inc/template.php
--- dokuwiki-0.0.20120125a/inc/template.php	2012-04-19 12:09:54.000000000 +0200
+++ dokuwiki-0.0.20120125b/inc/template.php	2012-07-13 13:13:57.000000000 +0200
@@ -1151,7 +1151,7 @@
     echo '<div class="panelHeader">'.NL;
     echo '<h3>';
     $tabTitle = ($NS) ? $NS : '['.$lang['mediaroot'].']';
-    printf($lang['media_' . $opened_tab], '<strong>'.$tabTitle.'</strong>');
+    printf($lang['media_' . $opened_tab], '<strong>'.hsc($tabTitle).'</strong>');
     echo '</h3>'.NL;
     if ($opened_tab === 'search' || $opened_tab === 'files') {
         media_tab_files_options();
diff -Nru dokuwiki-0.0.20120125a/lib/exe/ajax.php dokuwiki-0.0.20120125b/lib/exe/ajax.php
--- dokuwiki-0.0.20120125a/lib/exe/ajax.php	2012-04-19 12:09:54.000000000 +0200
+++ dokuwiki-0.0.20120125b/lib/exe/ajax.php	2012-07-13 13:13:57.000000000 +0200
@@ -13,7 +13,6 @@
 
 header('Content-Type: text/html; charset=utf-8');
 
-
 //call the requested function
 if(isset($_POST['call'])){
     $call = $_POST['call'];
@@ -204,7 +203,7 @@
     global $conf;
     global $NS;
 
-    $NS = $_POST['ns'];
+    $NS = cleanID($_POST['ns']);
     if ($_POST['do'] == 'media') {
         tpl_mediaFileList();
     } else {
diff -Nru dokuwiki-0.0.20120125a/VERSION dokuwiki-0.0.20120125b/VERSION
--- dokuwiki-0.0.20120125a/VERSION	2012-04-19 12:12:33.000000000 +0200
+++ dokuwiki-0.0.20120125b/VERSION	2012-07-13 13:13:57.000000000 +0200
@@ -1 +1 @@
-2012-01-25a "Angua"
+2012-01-25b "Angua"

Reply to:

Follow-Ups:
- Bug#684975: unblock: dokuwiki/dokuwiki_0.0.20120125b-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#684975: unblock: dokuwiki/dokuwiki_0.0.20120125b-1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#684975: marked as done (unblock: dokuwiki/dokuwiki_0.0.20120125b-1)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Allow ocfs2-tools 1.6.4-2 into wheezy
Next by Date: Bug#684414: marked as done (unblock (pre-approval): libspectre/0.2.7-1)
Previous by thread: Re: Allow ocfs2-tools 1.6.4-2 into wheezy
Next by thread: Bug#684975: unblock: dokuwiki/dokuwiki_0.0.20120125b-1
Index(es):
- Date
- Thread