A new release of TikiWiki is now available on SourceForge.net: version 18.104.22.168
for the 1.9 -Sirius- branch.
This maintenance release includes fixes for a recently identified security flaw.
22.214.171.124 is available as a patch tarball to be applied over version 1.9.1 and as
a complete distribution.
Additionally, the Tiki community have recently marked the 1.9 branch as stable
and fit for production use, thus 126.96.36.199 should ideally be the default
(unmasked) target for an emerge of the tikiwiki package.
If you need any assistance preparing or testing the ebuild, please do drop in on
<irc://irc.freenode.net/#tikiwiki> and ask - we are a friendly bunch ;)
<http://tikiwiki.org/art118> for more information
<http://tikiwiki.org/Download> for files download
Reassigning to webapps team. Please email email@example.com if you need
further security information.
a TikiWiki developer
URL removed. Information from changelog:
* [FIX] Fixed an XSS-vulnerability
* [MOD] Improved Tiki Security Admin
* [FIX] tweaks to fixperms.sh, /img/tracker included
www-apps please bump.
Apologies for the delay, had to sort out my PHP installation.
ppc: please test and mark stable
Stable on ppc.
Ready for GLSA vote
When running a wiki, one should be aware that they tend to be a bit insecure,
and since this is only an XSS, I'd say no.
I vote yes for XSS issues on internet-facing websites, and wikis are.
I would agree with DerCorny, voting NO.
I vote YES, we did several previous GLSAs on these types of issues with these
types of web apps or similar (webmail, groupware).
Let the vote continue :-)
Beh, everyone active voted. Let's say two yes win over two no's :)