Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 372283 (CVE-2011-2510) - <www-apps/dokuwiki-20110525a: Persistent XSS Vulnerability (CVE-2011-2510)
Summary: <www-apps/dokuwiki-20110525a: Persistent XSS Vulnerability (CVE-2011-2510)
Status: RESOLVED FIXED
Alias: CVE-2011-2510
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://www.freelists.org/post/dokuwik...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-19 18:01 UTC by Tomas Caithaml
Modified: 2011-08-19 17:05 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tomas Caithaml 2011-06-19 18:01:40 UTC 
The upstream published a new release 2011-05-25a on 14th of June. 
Please add it to the portage tree.

Reproducible: Always
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-07-04 05:19:09 UTC 
This release fixes a persistent XSS vulnerability as well. Please bump.

Commit with fix:
https://github.com/splitbrain/dokuwiki/commit/b52b15965611fc865058c0331b55e4e9bccabd2e

Upstream announcement:
http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
Comment 2 Lance Albertson (RETIRED) gentoo-dev 2011-07-14 16:26:11 UTC 
Bumped in portage.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 21:21:14 UTC 
(In reply to comment #2)
> Bumped in portage.

Great, thanks.

Arches, please test and mark stable:
=www-apps/dokuwiki-20110525a
Target keywords : "amd64 x86"
Comment 4 Agostino Sarubbo gentoo-dev 2011-08-17 22:41:55 UTC 
amd64 ok
Comment 5 Markos Chandras (RETIRED) gentoo-dev 2011-08-17 23:01:16 UTC 
amd64 done. Thanks Agostino
Comment 6 Thomas Kahle (RETIRED) gentoo-dev 2011-08-19 16:29:03 UTC 
x86 stable. Thanks
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 17:05:46 UTC 
Thanks, folks. Closing noglsa for XSS.