Package: dokuwiki
Severity: critical
I just got this notice via freshmeat. Arbitrary code execution,
remotely exploitable. No assigned CVE number, yet.
Cheers,
-Hilko
-------------------- Start of forwarded message --------------------
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [fmII] Serious security flaw in DokuWiki
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 4 Jun 2006 11:35:38 -0700 (PDT)
This is an email sent to you by the owners of the freshmeat.net project
record for DokuWiki. All URLs and other useful information can be found
at
http://freshmeat.net/projects/dokuwiki/
________________________| Subscriber message |_________________________
Sent by: Andreas Gohr
http://freshmeat.net/~agohr/
Hello everybody!
Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediately.
Users who don't use the spellchecking feature can fix the bug by simply
deleting the lib/exe/spellcheck.php file.
Detailed information on how to fix the problem properly is available at
http://bugs.splitbrain.org/?do=details&id=823
The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another
minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820
Regards,
Andi
__________________________| End of message |___________________________
[...]
-------------------- End of forwarded message --------------------