[ Emanuele Gentili ]
* SECURITY UPDATE: (LP: #180702)
+ CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
HTML via the area_name parameter.
+ CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
modified filename in the movie parameter.
+ CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
unknown impact and attack vectors involving tiki-edit_css.php,
tiki-g-admin_shared_source.php.
* debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
- Applied patch by upstream
* References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529
[ Jamie Strandboge ]
* Use dash-compliant syntax in debian/rules
This bug was fixed in the package tikiwiki - 1.9.7+dfsg-1ubuntu1.2
---------------
tikiwiki (1.9.7+dfsg-1ubuntu1.2) feisty-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE: (LP: #180702)
+ CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
HTML via the area_name parameter.
+ CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
modified filename in the movie parameter.
+ CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
unknown impact and attack vectors involving tiki-edit_css.php,
tiki-g-admin_shared_source.php.
* debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
- Applied patch by upstream
* References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529
[ Jamie Strandboge ]
* Use dash-compliant syntax in debian/rules
-- Emanuele Gentili <email address hidden> Sun, 17 Feb 2008 18:12:35 +0100