Bug 185886 - www-apps/dokuwiki < 2007-06-26b XSS in spellchecker
Summary: www-apps/dokuwiki < 2007-06-26b XSS in spellchecker
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High minor
Assignee: Gentoo Security
URL: http://bugs.splitbrain.org/index.php?...
Whiteboard: B4 [noglsa] p-y
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-19 17:39 UTC by Philippe Chaintreuil
Modified: 2007-07-23 14:57 UTC

See Also:
Package list:
Runtime testing required: ---
Description Philippe Chaintreuil 2007-07-19 17:39:32 UTC
From http://bugs.splitbrain.org/index.php?do=details&task_id=1195

-----------------------------------------------------------------------------
Compass Security discovered an XSS vulnerability in DokuWiki's spellchecker backend.

The spellchecker tests the UTF-8 capabilities of the used browser by sending a UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users send JavaScript to the spellchecker backend, resulting in malicious JavaScript being executed in their browser.

Affected are all versions up to and including 2007-06-26 even when the spell checker is disabled.

The vulnerability is only exploitable with Microsoft Internet Explorer (because of its broken MIME handling); other browsers will not execute the JavaScript sent back.

A new updated release 2007-06-26b was made available at http://www.splitbrain.org/go/dokuwiki

You may fix the problem yourself by replacing the spell_utf8test() function in lib/exe/spellcheck.php with the following code:

function spell_utf8test(){
    // Reflect at most the first three bytes of the probe (PHP substr() counts
    // bytes). That still serves the client's length comparison but leaves no
    // room for attacker-supplied markup to be echoed back.
    print substr($_POST['data'],0,3);
}

If you fix it yourself you should increase the number in conf/msg to 10 for disabling update notification for this issue.
-----------------------------------------------------------------------------

Reproducible: Always

- We need a new ebuild for 2007-06-26b
- 2007-06-26 and before should probably be masked for security reasons.
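The reflection path the advisory describes, modelled as an added example (not DokuWiki's code): a vulnerable and a fixed backend stand in for spell_utf8test(), a client function stands in for the browser-side length comparison, and the crafted POST body is a constructed marker. It also shows the caveat the fix carries: PHP substr() is byte-wise, so a probe character longer than three UTF-8 bytes would fail the capability check.

```python
# Added model of the spell_utf8test() reflection bug and its 2007-06-26b fix.
# Not DokuWiki's code: the backend and client below are simplified stand-ins
# that reproduce the byte-level behaviour the advisory describes.
import re

SCRIPT_MARKUP = re.compile(rb"<\s*script", re.IGNORECASE)


def vulnerable_utf8test(data: bytes) -> bytes:
    """Pre-2007-06-26b behaviour: echo the POSTed probe back unfiltered."""
    return data


def fixed_utf8test(data: bytes) -> bytes:
    """2007-06-26b fix: substr($_POST['data'],0,3) is byte-wise, so at most
    the first three bytes of the probe are reflected, whatever was sent."""
    return data[:3]


def client_utf8_probe(backend, probe: str) -> bool:
    """Model of the client-side capability check: send a UTF-8 character and
    trust the browser's UTF-8 handling only if the echo has the same length
    and content. (Assumed shape of the check; the page only says the length
    is compared.)"""
    sent = probe.encode("utf-8")
    echoed = backend(sent)
    return len(echoed) == len(sent) and echoed == sent


def reflects_script(backend, payload: bytes) -> bool:
    """True if a crafted POST body comes back containing script markup, i.e.
    a MIME-sniffing browser such as the IE of the day could run it as HTML."""
    return SCRIPT_MARKUP.search(backend(payload)) is not None


# Constructed marker body standing in for attacker-controlled form data.
CRAFTED_BODY = b"<script>x</script>"

if __name__ == "__main__":
    for name, backend in (("vulnerable", vulnerable_utf8test),
                          ("fixed", fixed_utf8test)):
        print(name,
              "2-byte probe ok:", client_utf8_probe(backend, "\u00fc"),
              "4-byte probe ok:", client_utf8_probe(backend, "\U0001F600"),
              "reflects script:", reflects_script(backend, CRAFTED_BODY))
```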
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-21 09:54:27 UTC
Thanks for the report Philippe.
Setting status and CC'ing the maintainer; please bump as necessary.
Comment 2 Andrej Kacian (RETIRED) gentoo-dev 2007-07-22 20:32:44 UTC
Sorry guys, I was unexpectedly offline for the weekend. 20070626b is in CVS now, along with a small ebuild fix.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-22 20:52:43 UTC
x86, please test and mark dokuwiki-20070626b.ebuild stable.
Comment 4 Andrej Kacian (RETIRED) gentoo-dev 2007-07-23 09:01:35 UTC
Tested on several different app configs, works fine. Stable on x86.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-23 09:05:39 UTC
Thanks ticho.
Time for GLSA decision. According to the URL, the only vulnerable browser is MSIE, so voting NO.
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-07-23 14:57:11 UTC
Voting NO and closing.