Bug#370369: marked as done (dokuwiki: CVE-2006-2878: remote arbitrary code execution)

Fri, 16 Jun 2006 03:15:26 -0700 

Your message dated Fri, 16 Jun 2006 12:30:00 +0300
with message-id <[EMAIL PROTECTED]>
and subject line done
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: dokuwiki
Severity: critical

I just got this notice via freshmeat. Arbitrary code execution,
remotely exploitable. No assigned CVE number, yet.

Cheers,
-Hilko

-------------------- Start of forwarded message --------------------
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: [fmII] Serious security flaw in DokuWiki
Message-Id: <[EMAIL PROTECTED]>
Date: Sun,  4 Jun 2006 11:35:38 -0700 (PDT)

This is an email sent to you by the owners of the freshmeat.net project
record for DokuWiki. All URLs and other useful information can be found
at

    http://freshmeat.net/projects/dokuwiki/

________________________| Subscriber message |_________________________

Sent by: Andreas Gohr 
         http://freshmeat.net/~agohr/

Hello everybody!

Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediatly.

Users who don't use the spellchecking feature can fix the bug by simply
deleting the lib/exe/spellcheck.php file.

Detailed infos on how to fix the problem properly are available at
http://bugs.splitbrain.org/?do=details&id=823

The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another
minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820

Regards,
Andi 
__________________________| End of message |___________________________

[...]

-------------------- End of forwarded message --------------------

--- End Message ---
--- Begin Message --- 
Version: 0.0.20060309-4

--- End Message ---

Reply via email to