Bug#: 272431
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Philippe Chaintreuil <gentoo_bugs_peep@parallaxshift.com>
Attachment: dokuwiki-20090214b.ebuild (Proposed ebuild), text/plain, created by Philippe Chaintreuil on 2009-06-24 15:01 0000, 1.56 KB

Bug 272431 depends on:
Bug 272431 blocks: 259624


Description:   Opened: 2009-06-03 13:48 0000
DokuWiki has released a patched version of their latest release to fix a "local
file inclusion" bug.

-------------------------------------------------------------------------------
A security hole was discovered which allows an attacker to include arbitrary
files located on the attacked DokuWiki installation. The included file is
executed in the PHP context. This can be escalated by introducing malicious
code through uploading file via the media manager or placing PHP code in
editable pages.
-------------------------------------------------------------------------------
[ from http://bugs.splitbrain.org/index.php?do=details&task_id=1700 ]

This replaces dokuwiki-2009-02-14, so this bug can replace the 4-month old
Gentoo bug #259624.

This is probably a simple version bump of the latest ebuild, so it shouldn't be
hard to fix.

------- Comment #1 From Pierre-Yves Rofes 2009-06-03 14:29:06 0000 -------
Setting whiteboard. Maintainer, please bump as necessary.

------- Comment #2 From Christian Hoffmann 2009-06-03 16:16:28 0000 -------
Shouldn't this be assigned to security? Doing so...
Shouldn't this be C1, as this is a remote code execution issue? Changing from
C3, also raising Severity from minor to major as such.
Also changing summary to match the other sec bugs' style.

------- Comment #3 From Alex Legler 2009-06-06 20:53:33 0000 -------
======================================================
Name: CVE-2009-1960
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1960

inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30,
when register_globals is enabled, allows remote attackers to include
and execute arbitrary local files via the
config_cascade[main][default][] parameter to doku.php.  NOTE: PHP
remote file inclusion is also possible in PHP 5 using ftp:// URLs.
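
A log check for the request pattern this CVE entry describes, added here as an example and not part of the bug report or of DokuWiki: it flags access-log lines where doku.php receives a config_cascade parameter and separately marks values that start with a remote scheme. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# ftp:// is the wrapper named in the CVE text; http(s) is added as an assumption.
REMOTE_SCHEMES = ("ftp://", "http://", "https://")

def classify(log_line):
    """Return None, 'override' or 'remote-include' for one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    # The CVE text names doku.php as the entry point, so only that script is checked.
    if not target.path.endswith("/doku.php"):
        return None
    verdict = None
    # parse_qsl percent-decodes names and values, so %5B/%5D brackets match too.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if not name.lower().startswith("config_cascade"):
            continue
        if value.lower().startswith(REMOTE_SCHEMES):
            return "remote-include"
        verdict = "override"
    return verdict

def scan(lines):
    """Map 1-based line number -> verdict for every flagged line."""
    hits = {}
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits[number] = verdict
    return hits

# Constructed sample lines (documentation addresses, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2009:13:48:00 +0000] "GET /wiki/doku.php?id=start HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Jun/2009:13:49:10 +0000] "GET /wiki/doku.php?config_cascade[main][default][]=PLACEHOLDER HTTP/1.1" 200 310',
    '192.0.2.44 - - [03/Jun/2009:13:49:12 +0000] "GET /wiki/doku.php?config_cascade%5Bmain%5D%5Bdefault%5D%5B%5D=ftp://host.invalid/PLACEHOLDER HTTP/1.1" 200 310',
    '192.0.2.10 - - [03/Jun/2009:13:50:00 +0000] "GET /wiki/lib/exe/css.php?config_cascade=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG).items():
        print(number, verdict)
```

Access logs record only the query string, so an override sent in a POST body is visible only where request bodies are logged.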

------- Comment #4 From Philippe Chaintreuil 2009-06-22 18:43:59 0000 -------
Ping.

Any movement on this?  It's been almost three weeks since this has been
submitted.

------- Comment #5 From Philippe Chaintreuil 2009-06-24 15:01:54 0000 -------
Created an attachment (id=195663) [details]
Proposed ebuild

I've attached a proposed ebuild for dokuwiki-20090214b.  It ignores the issues
brought up in #259624 about "EAPI=2 rework" (security presses more than
upgrades), but needed to go a little further than just a rename of the ebuild:

The source tarball is named with the trailing 'b', but it extracts into a
directory without it.  In src_unpack(), there was an existing rename of the
folder, I just had it now use a variation of MY_PV instead of the previous use
of MY_PV.

I don't mess with ebuilds much, so someone should double check my changes.  I
have this installed and it seems to work for me.

------- Comment #6 From Philippe Chaintreuil 2009-06-24 15:05:53 0000 -------
Oh, and before that ebuild gets checked in to the tree, the arch keywords
should get fixed.

------- Comment #7 From Sebastian Pipping 2009-06-29 01:20:18 0000 -------
I'm waiting for a bump, too.

Anything besides the keywords in the way?

------- Comment #8 From Alex Legler 2009-06-29 09:16:14 0000 -------
Arches, please test and mark stable:
=www-apps/dokuwiki-20090214b
Target keywords : "amd64 ppc sparc x86"
Already stabled : "amd64"
Missing keywords: "ppc sparc x86"

+*dokuwiki-20090214b (29 Jun 2009)
+
+  29 Jun 2009; Alex Legler <a3li@gentoo.org> -dokuwiki-20080505.ebuild,
+  +dokuwiki-20090214b.ebuild:
+  Non-maintainer commit: Version bump for security bug 272431. amd64 stable.
+  Thanks to Philippe Chaintreuil for proposing an updated ebuild. Removing
+  vulnerable version in ~arch.
+
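
Review bot: The file list in the entry header ("-dokuwiki-20080505.ebuild") does not line up with the closing sentence "Removing vulnerable version in ~arch". CVE-2009-1960 as quoted in comment #3 lists 2009-02-14, rc2009-02-06 and rc2009-01-30 as affected, not 2008-05-05. If a 20090214 ebuild was dropped in this commit, add it to the header file list; if 20080505 is the only removal, reword the last sentence so the entry states which version was removed and why.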

------- Comment #9 From Christian Faulhammer 2009-06-29 13:54:38 0000 -------
x86 stable

------- Comment #10 From Raúl Porcel 2009-06-30 14:08:57 0000 -------
sparc stable

------- Comment #11 From Robert Buchholz 2009-07-18 17:21:25 0000 -------
ppc, ping

------- Comment #12 From nixnut 2009-07-19 18:42:03 0000 -------
ppc stable.

------- Comment #13 From Alex Legler 2009-07-19 18:47:40 0000 -------
Request filed.

------- Comment #14 From Alex Legler 2009-08-18 21:42:00 0000 -------
GLSA 200908-09
