Your message dated Fri, 16 Jun 2006 12:30:00 +0300
with message-id <[EMAIL PROTECTED]>
and subject line done
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dokuwiki
Severity: critical
I just got this notice via freshmeat. Arbitrary code execution,
remotely exploitable. No assigned CVE number, yet.
Cheers,
-Hilko
-------------------- Start of forwarded message --------------------
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [fmII] Serious security flaw in DokuWiki
Message-Id: <[EMAIL PROTECTED]>
Date: Sun, 4 Jun 2006 11:35:38 -0700 (PDT)
This is an email sent to you by the owners of the freshmeat.net project
record for DokuWiki. All URLs and other useful information can be found
at
http://freshmeat.net/projects/dokuwiki/
________________________| Subscriber message |_________________________
Sent by: Andreas Gohr
http://freshmeat.net/~agohr/
Hello everybody!
Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediately.
Users who don't use the spellchecking feature can fix the bug by simply
deleting the lib/exe/spellcheck.php file.
Detailed information on how to fix the problem properly is available at
http://bugs.splitbrain.org/?do=details&id=823
The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another
minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820
Regards,
Andi
__________________________| End of message |___________________________
[...]
-------------------- End of forwarded message --------------------
--- End Message ---
--- Begin Message ---
Version: 0.0.20060309-4
--- End Message ---