Hello,

Following the instructions of the security team, I have recently uploaded new versions of my package dokuwiki for stable and oldstable, fixing a flaw in the RPC interface that allows bypassing the ACL system in some very specific cases. I am not sure whether you are already aware of my upload.

Now, another flaw was discovered some days ago, allowing the insertion of arbitrary JavaScript links in the following case: a wiki page references an RSS feed; this feed contains specially crafted content. These are only JavaScript links, which require users to click on them, but which can be inserted only through external control over the referenced RSS feed. This affects both the stable and oldstable versions: can I send an updated package, fixing both the ACL and the RSS problems?

Regards,

-- 
 ,--.
: /` )   Tanguy Ortolo <xmpp:tan...@ortolo.eu> <irc://irc.oftc.net/Elessar>
| `-'    Debian Maintainer
 \_