This update fixes CVE-2015-2172

  • There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules. Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

This update adds dokuwiki package to EPEL7

This update has been submitted for testing by atkac.

6 years ago

This update is currently being pushed to the Fedora EPEL 5 testing updates repository.

6 years ago

This update has been pushed to testing

6 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for stable by atkac.

6 years ago

This update is currently being pushed to the Fedora EPEL 5 stable updates repository.

6 years ago

This update has been pushed to stable

6 years ago

Please login to add feedback.

Metadata
Type
security
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1061477 wiki:syntax page requires php-xml to render
0
0
BZ#1064524 Wrong SELinux type in dokuwiki-selinux package
0
0
BZ#1101095 New release available - 2014-05-05 "Ponder Stibbons"
0
0
BZ#1150133 dokuwiki: various security flaws [fedora-all]
0
0
BZ#1150134 dokuwiki: various security flaws [epel-all]
0
0
BZ#1161816 dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
0
0
BZ#1164394 Add dokuwiki to epel7
0
0
BZ#1164396 dokuwiki requires apache
0
0
BZ#1166099 CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
0
0
BZ#1174331 CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
0
0
BZ#1174332 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
0
0
BZ#1174333 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
0
0
BZ#1197822 CVE-2015-2172 dokuwiki: privilege escalation in RPC API
0
0

Automated Test Results