unpushed

dokuwiki-0-0.24.20140929c.el7

FEDORA-EPEL-2015-1087 created by atkac 9 years ago for Fedora EPEL 7

This update fixes CVE-2015-2172

  • There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules. Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: * dokuwiki requires php-xml (#1061477) * wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

This update adds dokuwiki package to EPEL7

This update has been submitted for testing by atkac.

9 years ago

This update is currently being pushed to the Fedora EPEL 7 testing updates repository.

9 years ago

This update has been pushed to testing

9 years ago
User Icon avij commented & provided feedback 9 years ago
karma

dokuwiki requires php-email-address-validation, which is not available. Please do not push this update to stable before this dependency issue has been resolved.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

9 years ago
User Icon rdieter commented & provided feedback 7 years ago

php-email-address-validation is now available, so dokuwiki is installable now. maintainer, please do something here, either push stable or revoke the update... but leaving it in testing forever isn't useful.

This update has been unpushed.


Please login to add feedback.

Metadata
Type
security
Karma
-1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Thresholds
Minimum Karma
+1
Minimum Testing
7 days
Dates
submitted
9 years ago
in testing
9 years ago
BZ#1061477 wiki:syntax page requires php-xml to render
0
0
BZ#1064524 Wrong SELinux type in dokuwiki-selinux package
0
0
BZ#1101095 New release available - 2014-05-05 "Ponder Stibbons"
0
0
BZ#1150133 dokuwiki: various security flaws [fedora-all]
0
0
BZ#1150134 dokuwiki: various security flaws [epel-all]
0
0
BZ#1161816 dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
0
0
BZ#1164394 Add dokuwiki to epel7
0
0
BZ#1164396 dokuwiki requires apache
0
0
BZ#1166099 CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
0
0
BZ#1174331 CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
0
0
BZ#1174332 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
0
0
BZ#1174333 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
0
0
BZ#1197822 CVE-2015-2172 dokuwiki: privilege escalation in RPC API
0
0

Automated Test Results