Accepted: tikiwiki,tikiwiki 1.9.7+dfsg-1ubuntu1.2 (source,i386)
Ubuntu Installer
archive at ubuntu.com
Wed Feb 20 17:55:19 GMT 2008
- Previous message: Accepted: libcdio, libcdio, libcdio, libcdio, libcdio, libcdio 0.76-1ubuntu2.7.04.1 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: pcre3, pcre3, pcre3, pcre3, pcre3, pcre3 7.4-0ubuntu0.7.04.2 (source, amd64, i386, ia64, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Accepted:
OK: tikiwiki_1.9.7+dfsg.orig.tar.gz
OK: tikiwiki_1.9.7+dfsg-1ubuntu1.2.diff.gz
OK: tikiwiki_1.9.7+dfsg-1ubuntu1.2.dsc
-> Component: universe Section: web
OK: tikiwiki_1.9.7+dfsg-1ubuntu1.2_all.deb
Format: 1.7
Date: Sun, 17 Feb 2008 18:12:35 +0100
Source: tikiwiki
Binary: tikiwiki
Architecture: all source
Version: 1.9.7+dfsg-1ubuntu1.2
Distribution: feisty-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
tikiwiki - groupware and content management system
Changes:
tikiwiki (1.9.7+dfsg-1ubuntu1.2) feisty-security; urgency=low
.
[ Emanuele Gentili ]
* SECURITY UPDATE: (LP: #180702)
+ CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
HTML via the area_name parameter.
+ CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
modified filename in the movie parameter.
+ CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
unknown impact and attack vectors involving tiki-edit_css.php,
tiki-g-admin_shared_source.php.
* debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
- Applied patch by upstream
* References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529
.
[ Jamie Strandboge ]
* Use dash-compliant syntax in debian/rules
Files:
837fc612519a2ce7d5caf3a5aa315f96 6951326 web optional tikiwiki_1.9.7+dfsg-1ubuntu1.2_all.deb
9215ae5305ef0ea8d00c53cdb4c2ac2d 867 web optional tikiwiki_1.9.7+dfsg-1ubuntu1.2.dsc
b607a7825b2cf7e106f5232dc42317a0 21841 web optional tikiwiki_1.9.7+dfsg-1ubuntu1.2.diff.gz
Launchpad-Bugs-Fixed: 180702
Original-Maintainer: Debian Tikiwiki team <pkg-tikiwiki-devel at lists.alioth.debian.org>
- Previous message: Accepted: libcdio, libcdio, libcdio, libcdio, libcdio, libcdio 0.76-1ubuntu2.7.04.1 (source, amd64, i386, ia64, powerpc, sparc)
- Next message: Accepted: pcre3, pcre3, pcre3, pcre3, pcre3, pcre3 7.4-0ubuntu0.7.04.2 (source, amd64, i386, ia64, powerpc, sparc)
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the feisty-changes
mailing list