Hi, On Tue, Oct 28, 2014 at 02:26:48PM +0100, Tanguy Ortolo wrote: > package dokuwiki > fixed 766545 dokuwiki/0.0.20140929.a-1 > thanks > > Moritz Muehlenhoff, 2014-10-23 23:11+0200: > >Hi Tanguy, > >CVE-2014-8763/CVE-2014-8764 have been assigned to this: > >http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication > > > >There was also a CVE assignment for this issue, which is > >already fixed in jessie: > >https://github.com/splitbrain/dokuwiki/issues/765 > > No it is not fixed in Jessie. That is, it is now, or rather, it will be when > the version 0.0.20140929.a-1 I have just uploaded will reach testing.
Is this right about the last one? The whole CVE assignment for all four CVEs is at https://marc.info/?l=oss-security&m=141347568722364&w=2 . CVE-2014-8761 and CVE-2014-8762 seem to be assigned to issues found in https://github.com/splitbrain/dokuwiki/issues/765 which were fixed in the hotfix release 2014-05-05a. Then there were two additional CVEs CVE-2014-8763 and CVE-2014-8764 which are for problems uncovered in http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

