A new release of TikiWiki is now available on SourceForge.net: version 1.9.1.1 for the 1.9 -Sirius- branch. This maintenance release includes fixes for a recently identified security flaw. 1.9.1.1 is available as a patch tarball to be applied over version 1.9.1 and as a complete distribution. Additionally, the Tiki community have recently marked the 1.9 branch as stable and fit for production use, thus 1.9.1.1 should ideally be the default (unmasked) target for an emerge of the tikiwiki package. If you need any assistance preparing or testing the ebuild, please do drop in on <irc://irc.freenode.net/#tikiwiki> and ask - we are a friendly bunch ;)
<http://tikiwiki.org/art118> for more information
<http://tikiwiki.org/Download> for files download
Reassigning to webapps team. Please email security@tikiwiki.org if you need further security information. Cheers, -- Michael a TikiWiki developer
URL removed. Information from changelog:

Version 1.9.1.1
* [FIX] Fixed an XSS-vulnerability
* [MOD] Improved Tiki Security Admin
* [FIX] tweaks to fixperms.sh, /img/tracker included

www-apps please bump.
Bumped. Apologies for the delay, had to sort out my PHP installation.
ppc: please test and mark stable
Stable on ppc.
Ready for GLSA vote
When running a wiki, one should be aware that they tend to be a bit insecure, and since this is only an XSS, I'd say no.
I vote yes for XSS issues on internet-facing websites, and wikis are.
I would agree with DerCorny, voting NO.
I vote YES, we did several previous GLSAs on these types of issues with these types of web apps or similar (webmail, groupware). Let the vote continue :-)
Beh, everyone active voted. Let's say two yes win over two no's :)
GLSA 200510-23