Marcus Better wrote:
> Package name : tikiwiki
> Version : 1.9.2

http://moritz-naumann.com/adv/0003/tikiw/0003.txt

Is this fixed in your package, the advisory says that 1.9.2 is affected as well? (The path disclosure is not an issue, but the XSS could be)

Given that there've been four vulnerabilities in TikiWiki for 2005 alone, does upstream have a reasonable security policy, e.g. by documenting problems properly and not just dumping out an undocumented tarball like many other PHP apps?

Cheers,
Moritz