FreeLists / dokuwiki / [dokuwiki] Re: security flaw in dokuwiki

[dokuwiki] || [Date Prev] [06-2006 Date Index] [Date Next] || [Thread Prev] [06-2006 Thread Index] [Thread Next]

[dokuwiki] Re: security flaw in dokuwiki

From: Burton Rosenberg <burt@xxxxxxxxxxxx>
To: dokuwiki@xxxxxxxxxxxxx
Date: Sun, 4 Jun 2006 16:09:42 -0400

The release on http://www.splitbrain.org/projects/dokuwiki is still:

dokuwiki-2006-03-09.tgz

Is this the current release with fix?

-burt


On Jun 4, 2006, at 2:36 PM, Andreas Gohr wrote:

Hello everybody!
Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediatly.
Users who don't use the spellchecking feature can fix the bug by simply deleting the lib/exe/spellcheck.php file.
Detailed infos on how to fix the problem properly are available at
http://bugs.splitbrain.org/?do=details&id=823
The package available for download at http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another minor XSS bug described at http://bugs.splitbrain.org/? do=details&id=820
Regards,
Andi


--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Follow-Ups:
- [dokuwiki] Re: security flaw in dokuwiki
  - From: Andreas Gohr

References:
- [dokuwiki] security flaw in dokuwiki
  - From: Andreas Gohr