Upstream bug: http://bugs.splitbrain.org/index.php?do=details&task_id=1853

fixed in new version 20091225c
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25c.tgz

Reproducible: Always
Hey Lance, Thanks for fixing #299360; there's another security issue in it, so they've released a 20091225c version. Since you were last to touch it, I figured I'd make sure you were in the loop.
(In reply to comment #1)
> Hey Lance,
>
> Thanks for fixing #299360; there's another security issue in it, so they've
> released a 20091225c version. Since you were last to touch it, I figured I'd
> make sure you were in the loop.
>

+*dokuwiki-20091225c (19 Jan 2010) + + 19 Jan 2010; Lance Albertson <ramereth@gentoo.org> + +dokuwiki-20091225c.ebuild: + Version bump requested in #301310 for cross-site request forgeries exploit + found in 20091225b +

Thanks for reporting.
CVE-2010-0287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0287):
Directory traversal vulnerability in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to list the contents of arbitrary directories via a .. (dot dot) in the ns parameter.

CVE-2010-0288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0288):
A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010.

CVE-2010-0289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0289):
Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.
Lance, can we go stable with 20091225c?
(In reply to comment #4)
> Lance, can we go stable with 20091225c?

Yes, we should. Go ahead or I can later today.
Arches, please test and mark stable:
=www-apps/dokuwiki-20091225c
Target keywords : "amd64 ppc sparc x86"
x86 stable
amd64 stable
Marked ppc stable.
sparc stable
Any reason this can't be marked closed?
Vote: YES.
No GLSAs for webapps, closing.
Oops, actually we don't do GLSAs for XSS in webapps only, reopening.
This is worse than XSS, so YES, request filed.
This is no longer in portage. Can probably be closed: Didn't fix.
CVE-2011-3727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3727):
DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by lib/tpl/index.php and certain other files.
(In reply to comment #16)
> This is no longer in portage. Can probably be closed: Didn't fix.

I concur, this can be closed.
This issue was resolved and addressed in GLSA 201301-07 at http://security.gentoo.org/glsa/glsa-201301-07.xml by GLSA coordinator Stefan Behte (craig).