Summary: | www-apps/tikiwiki: mysql password disclosure & xss | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://archives.neohapsis.com/archives/bugtraq/2006-11/0014.html | ||
Whiteboard: | B3/4 [glsa] vorlon | ||
Package list: | | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2006-11-02 07:54:40 UTC
http://dev.tikiwiki.org/tiki-view_tracker_item.php?itemId=927&trackerId=5
- fixed for 1.9 CVS
- xss vulnerability fixed
merge into 1.10 on the way

1.9.6 in CVS, needs ppc lovin'

ppc stable, this one's ready for GLSA decision. security please vote

Hm, I would not want my users to know my database credentials. I know some bigger organizations that use Tikiwiki for their Intranets, so I guess I'll say "yes" here.

Voting YES. Let's have GLSA on this one.

GLSA 200611-11