Hi,

On Tue, Oct 28, 2014 at 02:26:48PM +0100, Tanguy Ortolo wrote:
> package dokuwiki
> fixed 766545 dokuwiki/0.0.20140929.a-1
> thanks
> 
> Moritz Muehlenhoff, 2014-10-23 23:11+0200:
> >Hi Tanguy,
> >CVE-2014-8763/CVE-2014-8764 have been assigned to this:
> >http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
> >
> >There was also a CVE assignment for this issue, which is
> >already fixed in jessie:
> >https://github.com/splitbrain/dokuwiki/issues/765
> 
> No it is not fixed in Jessie. That is, it is now, or rather, it will be when
> the version 0.0.20140929.a-1 I have just uploaded will reach testing.

Is this right about the last one? The whole CVE assignment for all
four CVEs is at
https://marc.info/?l=oss-security&m=141347568722364&w=2 .

CVE-2014-8761 and CVE-2014-8762 seem to be assigned to issues found in
https://github.com/splitbrain/dokuwiki/issues/765 which were fixed in
the hotfix release 2014-05-05a.

Then there were two additional CVEs CVE-2014-8763 and CVE-2014-8764
which are for problems uncovered in
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication

Regards,
Salvatore


-- 
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]

Reply via email to