Package: dokuwiki
Severity: grave
Tags: security
Justification: user security hole

DokuWiki can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

CVE-2006-5098:
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote
attackers to cause a denial of service (CPU consumption) via large w
and h parameters, when resizing an image.

CVE-2006-5099:
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when
conf[imconvert] is configured to use ImageMagick, allows remote
attackers to execute arbitrary commands via shell metacharacters in
the (1) w and (2) h parameters, which are not filtered when invoking
convert.
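Both issues come down to the w and h request parameters reaching the resize step unchecked. The following is an added example, not DokuWiki's own code or its actual fix: it accepts only bounded decimal integers and quotes every argument before a convert command line is built. The names `parse_dimension`, `build_resize_command`, the `MAX_DIM` limit and the file paths are assumptions.

```php
<?php
// Added illustration; not taken from DokuWiki. MAX_DIM is an assumed limit.
const MAX_DIM = 4096;

// Return a validated pixel dimension or throw. Only 1-5 ASCII digits are
// accepted, so no shell metacharacter can pass, and the range check bounds
// the CPU and memory cost of a resize.
function parse_dimension($raw): int
{
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,5}\z/', $raw)) {
        throw new InvalidArgumentException('dimension must be a decimal integer');
    }
    $n = (int)$raw;
    if ($n < 1 || $n > MAX_DIM) {
        throw new InvalidArgumentException('dimension out of range');
    }
    return $n;
}

// Build the command line for ImageMagick's convert. Every argument is quoted
// with escapeshellarg() as a second layer, even though the geometry is
// already known to be digits and 'x'. $src and $dst are assumed to be
// server-chosen absolute paths, never raw request input.
function build_resize_command(string $convert, string $src, string $dst, $w, $h): string
{
    $geometry = parse_dimension($w) . 'x' . parse_dimension($h);
    return implode(' ', [
        escapeshellarg($convert),
        '-resize',
        escapeshellarg($geometry),
        escapeshellarg($src),
        escapeshellarg($dst),
    ]);
}

// Constructed sample inputs: one valid pair, one oversized, one non-numeric.
$samples = [['300', '200'], ['99999', '200'], ['300;x', '200']];
foreach ($samples as [$w, $h]) {
    try {
        echo build_resize_command('/usr/bin/convert', '/srv/media/in.png',
                                  '/srv/cache/out.png', $w, $h), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected w=$w h=$h: ", $e->getMessage(), "\n";
    }
}
```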

