From ${URL} :

Release 2014-09-29d "Hrun"

It's now possible to customize single strings of the localization
New history function to see how a wiki looked at a certain time (no user interface yet, details at date at)
Security fix for AD/LDAP auth plugin related problem (Details here)
Some caching in the database auth plugins
Improved CLI interface for better command line tools
Support for external Audio/Video sources
Various improvements and bug fixes

Note: When you had disabled the 'compress' config setting, you would enable it again since this release.

Hotfix 2014-09-29a: fixes for login problems caused by certain PCRE versions and changes in the recent Chrome release
Security Hotfix 2014-09-29b: prevents XSS attack via SWF uploads
Security Hotfix 2014-09-29c: fixes privilege escalation in RPC API
Security Hotfix 2014-09-29d: fixes a XSS vulnerability in the user manager

Release 2014-05-05e "Ponder Stibbons"

Extension Manager
Audio & video support
New and more file icons (as e.g. seen on mime)
Show login form at denied access
Show a domain dropdown when multiple AD domains are configured
Added user page linking by adding the showuseras config option: “Full name as interwiki user link”. Configurable via the interwiki configuration
Added a more versatile Revision selection to the diff page of articles
:!: Fallback of old date format removed: early wikis need to update their dformat config setting
:!: When the layout seems broken, you may be affected by an issue in the CSS compressor. Please try disabling the 'compress' config setting.

Hotfix
Security Hotfix 2014-05-05a for Issue 765.
Security Hotfix 2014-05-05b for AD/LDAP auth plugin related problem (Details here)
Security Hotfix 2014-05-05c: prevents XSS attack via SWF uploads
Security Hotfix 2014-05-05d: fixes privilege escalation in RPC API
Security Hotfix 2014-05-05e: fixes a XSS vulnerability in the user manager

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
17:42 < gentoovcs> jmbsvicetto → gentoo-x86 (www-apps/dokuwiki/) Security bump - fixes bug 544224.

@arch teams: please add keywords for www-apps/dokuwiki-20140929d. Target keywords "amd64 ~ppc ~sparc x86".
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
10:53 < gentoovcs> jmbsvicetto → gentoo-x86 (www-apps/dokuwiki/) Security clean-up.

Done
CVE-2015-2172 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2172): DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
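As an added example (not part of this bug thread and not DokuWiki or Gentoo code), the version bounds in the CVE text above can be turned into a check for an installed release. The function names are hypothetical, the sample versions are constructed, and deciding releases outside the two named branches purely by date is an assumption.

```python
import re

# Fixed hotfix levels taken from the CVE-2015-2172 text above:
# "before 2014-05-05d and before 2014-09-29c".
FIXED = {"2014-05-05": "d", "2014-09-29": "c"}

# Accepts upstream form "2014-09-29c", Gentoo form "20140929c", and a
# package atom such as "www-apps/dokuwiki-20140929d" (optional -rN suffix).
_VERSION_RE = re.compile(
    r"^(?:.*dokuwiki-)?(\d{4})-?(\d{2})-?(\d{2})([a-z]?)(?:-r\d+)?$"
)


def parse_release(version):
    """Return (iso_date, hotfix_letter) for a DokuWiki release string."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised DokuWiki release: {version!r}")
    year, month, day, hotfix = m.groups()
    return f"{year}-{month}-{day}", hotfix


def affected_by_cve_2015_2172(version):
    """True if the release predates the RPC API privilege escalation fix."""
    date, hotfix = parse_release(version)
    if date in FIXED:
        # An empty hotfix letter (the base release) sorts before any letter.
        return hotfix < FIXED[date]
    # Assumption: a release on neither named branch is affected when it is
    # older than the newest fixed branch, and not affected when newer.
    return date < max(FIXED)


def audit(versions):
    """Map each version string to 'affected' or 'fixed'."""
    return {
        v: "affected" if affected_by_cve_2015_2172(v) else "fixed"
        for v in versions
    }


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real host.
    sample = ["2014-05-05c", "2014-05-05d", "20140929b",
              "www-apps/dokuwiki-20140929d"]
    for version, status in audit(sample).items():
        print(f"{version}: {status}")
```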
Arches and Maintainer(s), Thank you for your work.

GLSA Vote: Yes
GLSA Vote: No
GLSA vote: no.