tikiwiki is affected by CVE-2008-1066. Upstream is informed and will update with the next version.
Thanks for the report.
tikiwiki-1.9.11 is in the tree but it actually still contains smarty-2.6.18.
Why did you add ppc then, if this bug is not fixed?
Sorry, my mistake. I bumped the package, emerged it, started commenting on the bug, checked the install and only then realized that they didn't bump smarty. So I finished commenting on the bug but forgot that I already added ppc. Fixed.
What is the plan for this? Tikiwiki 1.9.11 is the latest version upstream and so presumably still contains the vulnerable version of smarty?
2.0 is fixed and has some other vulnerabilities fixed.
CVE-2008-3653 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3653): Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors. CVE-2008-3654 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3654): Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.
Added tikiwiki-2.0 to the tree. Targets: ppc
Arches, please test and mark stable: =www-apps/tikiwiki-2.0 Target keywords : "ppc"
ppc stable
glsa with #212147
Removed vulnerable versions. webapps done.
Do we need a glsa on this? I think not, and as 2.2 is in the tree and no older versions are, could we then close this?
No GLSA will be sent.