Package: dokuwiki
Version: 0.0.20120125b-2+deb7u1
Severity: important
Dear Maintainer,
There's been a hotfix release for dokuwiki.
>From the report: "The user's details were not properly escaped in the user
manager's edit form. This allows a registered user to edit her own name (using
the change profile option) to include malicious JavaScript code. The code is
executed when a super user tries to edit the user via the user manager."
You can see more details here:
https://github.com/splitbrain/dokuwiki/issues/1081
This seems to affect the version in testing and unstable too.
Let me know if I can help to solve it ASAP
Thanks a lot,
Rodrigo
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
