FEDORA-EPEL-2015-1087

security update in Fedora EPEL 7 for dokuwiki

Status: unpushed

This update fixes CVE-2015-2172

  • There's a security hole in the ACL plugins remote API component. The plugin failes to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules. Update to the 2014-09-29b release which contains various fixes, notably:

Security: CVE-2014-9253 - XSS via SFW file upload CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: dokuwiki requires php-xml (#1061477) wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: CVE-2014-9253 - XSS via SFW file upload CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: dokuwiki requires php-xml (#1061477) wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: CVE-2014-9253 - XSS via SFW file upload CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: dokuwiki requires php-xml (#1061477) wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

Update to the 2014-09-29b release which contains various fixes, notably:

Security: CVE-2014-9253 - XSS via SFW file upload CVE-2012-6662 - jquery-ui XSS vulnerability

Bugfixes: dokuwiki requires php-xml (#1061477) wrong SELinux file context for writable files/directories (#1064524) * drop httpd requirement (#1164396)

This update adds dokuwiki package to EPEL7

Comments 7

This update has been submitted for testing by atkac.

This update is currently being pushed to the Fedora EPEL 7 testing updates repository.

This update has been pushed to testing

dokuwiki requires php-email-address-validation, which is not available. Please do not push this update to stable before this dependency issue has been resolved.

karma: -1

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

php-email-address-validation is now available, so dokuwiki is installable now. maintainer, please do something here, either push stable or revoke the update... but leaving it in testing forever isn't useful.

This update has been unpushed.

Content Type
RPM
Status
unpushed
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
-1
stable threshold: 3
unstable threshold: -3
Autopush
Disabled
Dates
submitted 4 years ago
in testing 4 years ago

Related Bugs 13

00 #1061477 wiki:syntax page requires php-xml to render
00 #1064524 Wrong SELinux type in dokuwiki-selinux package
00 #1101095 New release available - 2014-05-05 "Ponder Stibbons"
00 #1150133 dokuwiki: various security flaws [fedora-all]
00 #1150134 dokuwiki: various security flaws [epel-all]
00 #1161816 dokuwiki is 5 months out of date, 2 versions and 3 hotfixes behind
00 #1164394 Add dokuwiki to epel7
00 #1164396 dokuwiki requires apache
00 #1166099 CVE-2012-6662 dokuwiki: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all]
00 #1174331 CVE-2014-9253 dokuwiki: XSS via SFW file upload [fedora-all]
00 #1174332 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-5]
00 #1174333 CVE-2014-9253 dokuwiki: XSS via SFW file upload [epel-6]
00 #1197822 CVE-2015-2172 dokuwiki: privilege escalation in RPC API

Automated Test Results