Hi Salvatore, yes you are right, then I must have installed it in jessie and have been running it for years with serious bugs. Since there is still LTS support for jessie, these security-critical bugs should be fixed.
@Maintainer So it's not a good idea if a package is suddenly not updated anymore and is not removed by the dist-upgrade process either. Or was it removed and I installed it manually? I can't remember. Anyway, thanks for your work! Regards Klaus Am 20.09.19 um 21:18 schrieb Salvatore Bonaccorso: > Hi, > > On Fri, Sep 20, 2019 at 01:51:41PM +0200, Klaus Fuerstberger wrote: >> Package: dokuwiki >> Version: 0.0.20140505.a+dfsg-4 >> Severity: important >> >> Dear Maintainer, >> >> today I scanned my Debian oldstable installation with the OpenVAS >> framework and noticed that the dokuwiki package does not include >> important fixes. >> >> The CVE are: >> CVE-2017-18123 DokuWiki Reflected File Download Vulnerability >> CVE-2017-12979 and VE-2017-12980 DokuWiki Stored XSS Vulnerability >> CVE-2017-12583 DokuWiki XSS Vulnerability >> >> As Debian stretch is still supported please update dokuwiki to >> version 2017-02-19e or later. > > FWIW, dokuwiki is not in stretch. It was in jessie, and is again in > buster, but for stretch it was not fit for the release. > > Regards, > Salvatore >
