Hello Tanguy,

I've just installed the Debian DokuWiki package and did some research
concerning CVE-2014-8763/CVE-2014-8764.

I have read again the message of the initial upstream reporter of the
issue
(http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication),
and the null string handling that allows the anonymous auth bind is
a PHP problem rather than a DokuWiki problem.

Now it seems that the problem has been solved on the PHP side since PHP
5.6 (look for ldap in http://php.net/ChangeLog-5.php).

Since PHP is >= 5.6 in Jessie and Sid, that just leaves Debian
stable vulnerable to the issue, so it might not be necessary to make a
specific upload for Jessie.

(I see that your package 0.0.20140929.a-1 has not propagated to Jessie,
as the freeze has probably blocked it.)
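
The null string handling discussed in this message, as an added example that is not part of the original message and is not DokuWiki or PHP project code: a guard that refuses a simple bind when the name or password is empty or contains a NUL byte, so the result does not depend on the installed PHP version. The function names and sample credentials are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not DokuWiki or PHP code: decide whether a name and
// password may be passed to ldap_bind() for a simple bind.
function ldapCredentialsAreSafe(string $user, string $password): bool
{
    // An empty name or password turns a simple bind into an anonymous or
    // unauthenticated bind, which a directory server may accept.
    if ($user === '' || $password === '') {
        return false;
    }
    // A NUL byte ends a C string, so "\0anything" can reach the LDAP
    // library as an empty value even though PHP sees a non-empty string.
    if (strpos($user, "\0") !== false || strpos($password, "\0") !== false) {
        return false;
    }
    return true;
}

// Hypothetical wrapper: $link is a connection returned by ldap_connect().
function guardedBind($link, string $bindDn, string $password): bool
{
    if (!ldapCredentialsAreSafe($bindDn, $password)) {
        return false; // refuse before the LDAP library sees the value
    }
    return @ldap_bind($link, $bindDn, $password);
}

// Constructed sample inputs, not taken from any real system.
$samples = [
    ['alice', 'correct horse'],
    ['alice', ''],
    ['alice', "\0ignored"],
    ["\0", "\0"],
];
foreach ($samples as [$user, $password]) {
    printf("%-10s %-18s %s\n",
        json_encode($user), json_encode($password),
        ldapCredentialsAreSafe($user, $password) ? 'bind allowed' : 'rejected');
}
```

Only the first sample is allowed through; the other three are rejected before `ldap_bind()` is reached.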

