Summary: | <www-apps/dokuwiki-20140929d: multiple vulnerabilities (CVE-2015-2172) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jmbsvicetto, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.dokuwiki.org/changes | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-03-23 13:57:03 UTC
17:42 < gentoovcs> jmbsvicetto → gentoo-x86 (www-apps/dokuwiki/) Security bump - fixes bug 544224. @arch teams: please add keywords for www-apps/dokuwiki-20140929d. Target keywords "amd64 ~ppc ~sparc x86". amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. 10:53 < gentoovcs> jmbsvicetto → gentoo-x86 (www-apps/dokuwiki/) Security clean-up. Done CVE-2015-2172 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2172): DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. Arches and Maintainer(s), Thank you for your work. GLSA Vote: Yes GLSA Vote: No GLSA vote: no. |