Bug 22323

Summary: [Update Request] Security Fix dokuwiki-20170219-4.mga6
Product: Mageia Reporter: Atilla ÖNTAŞ <tarakbumba>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: herman.viaene, sysadmin-bugs
Version: 6Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA6-64-OK
Source RPM: dokuwiki-20170219-4.mga6.src.rpm CVE:
Status comment:

Description Atilla ÖNTAŞ 2018-01-05 19:07:49 CET
Suggested advisory:
========================
dokuwiki is patched in order to fix a security issue:

DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php and updated package is fixed by added patch from upstream.

References
========================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12583
https://github.com/splitbrain/dokuwiki/issues/2061

Updated packages in core/updates_testing:
========================
dokuwiki-20170219-4.1.mga6

SRPMS:
========================
dokuwiki-20170219-4.1.mga6.src.rpm
Comment 1 Herman Viaene 2018-01-10 15:25:55 CET
MGA6-32 on Lenovo B50 Plasma
No istallation issues
Ref to bug 20431, restarted httpd and pointed browser then to  http://localhost/dokuwiki
and this brings up a startpage Dokuwiki mentioning
"This topic does not exist yet

You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”."
That looks sensible to me.
Created some text,saved it and checked this now shows up when pointing to the site again. Seems OK.

Whiteboard: (none) => MGA6-64-OK
CC: (none) => herman.viaene

Comment 2 Herman Viaene 2018-01-10 16:36:03 CET
MGA6-64
David Walser 2018-01-10 22:11:19 CET

Component: RPM Packages => Security
QA Contact: (none) => security

Lewis Smith 2018-01-11 09:26:50 CET

Keywords: (none) => advisory, validated_update
CC: (none) => sysadmin-bugs

Comment 3 Mageia Robot 2018-01-11 20:37:34 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2018-0067.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED