Bug#: 109858
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Michael Davey <gentoo@collabra.ltd.uk>

Description:   Opened: 2005-10-19 14:35 0000
A new release of TikiWiki is now available on SourceForge.net: version 1.9.1.1
for the 1.9 -Sirius- branch.

This maintenance release includes fixes for a recently identified security flaw.


Reproducible: Always

1.9.1.1 is available as a patch tarball to be applied over version 1.9.1 and as
a complete distribution.

Additionally, the Tiki community have recently marked the 1.9 branch as stable
and fit for production use, thus 1.9.1.1 should ideally be the default
(unmasked) target for an emerge of the tikiwiki package.

If you need any assistance preparing or testing the ebuild, please do drop in on
<irc://irc.freenode.net/#tikiwiki> and ask - we are a friendly bunch ;)

------- Comment #1 From Michael Davey 2005-10-19 14:43:27 0000 -------
<http://tikiwiki.org/art118> for more information
<http://tikiwiki.org/Download> for files download

------- Comment #2 From Michael Davey 2005-10-19 14:45:15 0000 -------
Reassigning to webapps team.  Please email security@tikiwiki.org if you need
further security information.

Cheers,
-- 
Michael
a TikiWiki developer

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-10-19 22:39:36 0000 -------
URL removed. Information from changelog:  
  
Version 1.9.1.1  
* [FIX] Fixed an XSS-vulnerability  
* [MOD] Improved Tiki Security Admin  
* [FIX] tweaks to fixperms.sh, /img/tracker included 
 
www-apps please bump. 

------- Comment #4 From Renat Lumpau 2005-10-23 08:41:21 0000 -------
Bumped.

Apologies for the delay, had to sort out my PHP installation.

------- Comment #5 From Thierry Carrez (RETIRED) 2005-10-23 11:46:12 0000 -------
ppc: please test and mark stable

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-10-24 12:54:08 0000 -------
Stable on ppc.

------- Comment #7 From Thierry Carrez (RETIRED) 2005-10-24 14:07:06 0000 -------
Ready for GLSA vote

------- Comment #8 From Stefan Cornelius (RETIRED) 2005-10-24 23:38:26 0000 -------
When running a wiki, one should be aware that they tend to be a bit insecure,
and since this is only an XSS, I'd say no.

------- Comment #9 From Thierry Carrez (RETIRED) 2005-10-25 00:53:50 0000 -------
I vote yes for XSS issues on internet-facing websites, and wikis are.

------- Comment #10 From Tavis Ormandy (RETIRED) 2005-10-25 06:03:39 0000 -------
I would agree with DerCorny, voting NO.

------- Comment #11 From Sune Kloppenborg Jeppesen 2005-10-25 13:02:20 0000 -------
I vote YES, we did several previous GLSAs on these types of issues with these 
types of web apps or similar (webmail, groupware). 
 
Let the vote continue:-) 

------- Comment #12 From Thierry Carrez (RETIRED) 2005-10-26 01:29:23 0000 -------
Beh, everyone active voted. Let's say two yes win over two no's :)

------- Comment #13 From Thierry Carrez (RETIRED) 2005-10-28 04:46:01 0000 -------
GLSA 200510-23
