Accepted: tikiwiki,tikiwiki 1.9.7+dfsg-2ubuntu1.2 (source,i386)

Ubuntu Installer archive at
Wed Feb 20 17:55:29 GMT 2008

 OK: tikiwiki_1.9.7+dfsg.orig.tar.gz
 OK: tikiwiki_1.9.7+dfsg-2ubuntu1.2.diff.gz
 OK: tikiwiki_1.9.7+dfsg-2ubuntu1.2.dsc
     -> Component: universe Section: web
 OK: tikiwiki_1.9.7+dfsg-2ubuntu1.2_all.deb

Format: 1.7
Date: Sun, 17 Feb 2008 17:44:04 +0100
Source: tikiwiki
Binary: tikiwiki
Architecture: all source
Version: 1.9.7+dfsg-2ubuntu1.2
Distribution: gutsy-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at>
Changed-By: Emanuele Gentili <emgent at>
 tikiwiki   - groupware and content management system
 tikiwiki (1.9.7+dfsg-2ubuntu1.2) gutsy-security; urgency=low
   * SECURITY UPDATE: (LP: #180702)
     + CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
       in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
       HTML via the area_name parameter.
     + CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
       before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
       modified filename in the movie parameter.
     + CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
       unknown impact and attack vectors involving  tiki-edit_css.php,
   * debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
     - Applied patch by upstream
   * References
     - CVE-2007-6526
     - CVE-2007-6528
     - CVE-2007-6529
 069ff3c8d4a9dab61e787c959bd408c7 6951514 web optional tikiwiki_1.9.7+dfsg-2ubuntu1.2_all.deb
 b18c00306b0bc335fb0ce8acfed25ff9 867 web optional tikiwiki_1.9.7+dfsg-2ubuntu1.2.dsc
 2c9e77edfe429eb410b290530f231906 21917 web optional tikiwiki_1.9.7+dfsg-2ubuntu1.2.diff.gz
Launchpad-Bugs-Fixed: 180702
Original-Maintainer: Debian Tikiwiki team <pkg-tikiwiki-devel at>

More information about the gutsy-changes mailing list