Security update needed for all versions prior to 2006 March 9th

Bug #45887 reported by Ava Jarvis
260
Affects Status Importance Assigned to Milestone
dokuwiki (Ubuntu)
Fix Released
Medium
Unassigned
Breezy
Invalid
Medium
Unassigned
Dapper
Fix Released
Undecided
StefanPotyra

Bug Description

http://www.frsirt.com/english/advisories/2006/0909

An upgrade to 2006/03/09 is necessary (not just nice). Otherwise this package is a security risk.

Revision history for this message
Martin Pitt (pitti) wrote :

Subscribing Barry deFreese, who touched this package last. It has Ubuntu modifications, thus we cannot just sync.

Revision history for this message
Barry deFreese (bddebian) wrote :

The only change I made was to bump the depends to php5 | php4. If we have a UVF exception, I can pull and modify again if necessary? Thank you.

Revision history for this message
towsonu2003 (towsonu2003) wrote :

why still "unconfirmed"?

Revision history for this message
Martin Pitt (pitti) wrote :

Edgy has latest version

Changed in dokuwiki:
status: Unconfirmed → Fix Released
Kees Cook (kees)
Changed in dokuwiki:
status: Unconfirmed → Confirmed
Revision history for this message
StefanPotyra (sistpoty) wrote :

Hi,

anyone from motu-swat working on this yet? If so, please set yourself as assignee. If not, I'll look into this, probably tonight.

Cheers,
    Stefan - motu-swat.

Kees Cook (kees)
Changed in dokuwiki:
status: Unconfirmed → Confirmed
StefanPotyra (sistpoty)
Changed in dokuwiki:
assignee: nobody → sistpoty
status: Confirmed → In Progress
Revision history for this message
StefanPotyra (sistpoty) wrote :

Completely untested patch so far. Also the edgy version contains two more interesting patches, which I still need to look what they are for and if they apply to dapper as well:
* fixprivilegeescalationbug.dpatch
* fixspellcheckersecurityflaw.dpatch

Revision history for this message
StefanPotyra (sistpoty) wrote :

This one includes the two patches (redone) from above. However it's still completely untested.
I'll do that probably tomorrow ;).

Revision history for this message
StefanPotyra (sistpoty) wrote :

This one is tested and proven to work.

Revision history for this message
StefanPotyra (sistpoty) wrote :

dapper debdiff submitted to security-review.

Changed in dokuwiki:
status: In Progress → Fix Committed
Revision history for this message
Kees Cook (kees) wrote :

Great work! I've uploaded to security; I'll publish it after it's done building. Thanks for the testing! :)

Changed in dokuwiki:
status: Fix Committed → Fix Released
Revision history for this message
Marco Rodrigues (gothicx) wrote :

Breezy support is over.. Today it's Breezy End Of Life!

Changed in dokuwiki:
status: Confirmed → Rejected
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.