Your message dated Fri, 13 Jul 2018 13:04:23 +0000 with message-id <e1fdxkf-0009he...@fasolo.debian.org> and subject line Bug#889281: fixed in dokuwiki 0.0.20160626.a-2.1 has caused the Debian Bug report #889281, regarding dokuwiki: CVE-2017-18123: reflected file download vulnerability to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 889281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889281 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: dokuwiki Version: 0.0.20160626.a-2 Severity: important Tags: patch security upstream Forwarded: https://github.com/splitbrain/dokuwiki/issues/2029 Control: found -1 0.0.20140505.a+dfsg-4 Hi, the following vulnerability was published for dokuwiki. CVE-2017-18123[0]: | The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e | does not properly encode user input, which leads to a reflected file | download vulnerability, and allows remote attackers to run arbitrary | programs. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-18123 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18123 [1] https://github.com/splitbrain/dokuwiki/issues/2029 [2] https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: dokuwiki Source-Version: 0.0.20160626.a-2.1 We believe that the bug you reported is fixed in the latest version of dokuwiki, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 889...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Reinhard Tartler <siret...@tauware.de> (supplier of updated dokuwiki package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 07 Jul 2018 11:59:53 -0400 Source: dokuwiki Binary: dokuwiki Architecture: source Version: 0.0.20160626.a-2.1 Distribution: unstable Urgency: medium Maintainer: Tanguy Ortolo <tanguy+deb...@ortolo.eu> Changed-By: Reinhard Tartler <siret...@tauware.de> Description: dokuwiki - standards compliant simple to use wiki Closes: 866245 889281 894018 Changes: dokuwiki (0.0.20160626.a-2.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2017-18123: fix remote code execution through reflected file download. Originally prepared by Antoine Beaupré <anar...@debian.org> (Closes: #889281) * Fix loading of css (Closes: #894018) * Fix 'Invalid argument supplied for foreach() .../lib/exe/js.php' (Closes: #866245) Checksums-Sha1: 560bbfaaed5ab915f8510ab2de5c37630728a204 2179 dokuwiki_0.0.20160626.a-2.1.dsc bef662543580069e1f39cea4bd2002f5126c9078 97604 dokuwiki_0.0.20160626.a-2.1.debian.tar.xz Checksums-Sha256: 57625259b66bd7dbd6636559b01b8fc15c42f3c99a097b9a3a8be71f6d570c23 2179 dokuwiki_0.0.20160626.a-2.1.dsc 95c00ab762c7547c871696569ce22554be5c03d795b1785290592e15eb62b325 97604 dokuwiki_0.0.20160626.a-2.1.debian.tar.xz Files: bce750584abedb30f75964de9a5c1cb5 2179 web optional dokuwiki_0.0.20160626.a-2.1.dsc eb901084dc1a92bcdf4821654eecda9d 97604 web optional dokuwiki_0.0.20160626.a-2.1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEE6n5rckvJ+/LRcetya3IL6cXPbZ4FAltCA5gUHHNpcmV0YXJ0 QHRhdXdhcmUuZGUACgkQa3IL6cXPbZ6cbw//aKQ/I0stte8eAvNtR6ddcJasSiQT vJilJ9OfYbb+2cjMg8Esail9HJHUh4NLRrxmlTzIqktMMWoMFWfFY4GgQ45OZdLQ VzVP8y3b3WDxC+4NosuZhputcZOWO1BzCDi4OntWJ2AHtPQwR1DWMZk9BF+pDEet bntApPEJhZf9t4ivptSOXKiIj6arMPZUGYm8bif85FK/JK1mT1fs2S4uIqCXz8KI Xl9l5s1FDsBCWNDQwdERC/Pr6xjZeWGKFOiZvUEcOYlrNWzrn/yrKLpvF0WqKBsn GijAoyvT6qm2NzFU3wnsZ0PAiGC1hmwEklzPQ2ylx65UAnweHoJaCH4o/1BiqbNL Q+3Hkrc4eC8K/XK4nYGgUmWrgMNzfpZC5sIguVZQLdM4FzVGWKGdCXfbZ2EYMjP+ eFLQO0CSv5q9W15EyaUAwHGmDRCUydXuay2AaPKSirfdR1bciI+UqyWtOuSCHvKw QFF1qra+X8r6/uQ0+o1YATxrlTN29IycYqWwki0w+qQGc/OiduS3EsjT8zzJO4FN Jqh/pPBqXmtL/U7uruTlQ15GI+LpaRKVUYu6NJqxfY5XuMSc4aojHW1GJ2YABcW3 rE7KPMgnUF4hvZIrJJ3VB7bJcFwgkJYlS9haXabacdOiOhUKH1Hpk1ObFnzhnFDS OmcvKwZdIGgmPbI= =p8ff -----END PGP SIGNATURE-----
--- End Message ---
