Processing control commands:
> retitle -1 dokuwiki: CVE-2023-34408: XSS in RSS syntax
Bug #1036279 {Done: Axel Beckert } [src:dokuwiki] XSS in RSS
syntax
Changed Bug title to 'dokuwiki: CVE-2023-34408: XSS in RSS syntax' from 'XSS in
RSS syntax'.
--
1036279: https://bugs.debian.org/cgi-bin/bug
Control: retitle -1 dokuwiki: CVE-2023-34408: XSS in RSS syntax
Hi,
On Thu, May 18, 2023 at 03:19:05PM +0200, Moritz Muehlenhoff wrote:
> Source: dokuwiki
> Version: 0.0.20220731.a-1
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team
>
> No CVE yet:
> https://huntr.dev/boun
Hi Moritz,
Moritz Muehlenhoff wrote:
> Severity: grave
Thanks for the severity assessment by the security team. I wasn't
really sure if this is RC or "just important".
I've had a look at the new upstream tarballs, but the diff is
unfortunately huge:
$ tardiff dokuwiki-2022-07-31{a,b}.tgz
- com
Source: dokuwiki
Version: 0.0.20220731.a-1
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team
No CVE yet:
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
https://github.com/dokuwiki/dokuwiki/pull/3967
https://www.github.com/splitbrain/dokuwiki/commit/53df38b0e44658