Bug 23539

Summary: dokuwiki new security issues CVE-2016-7964, CVE-2016-7965, CVE-2017-12583, CVE-2017-12979, CVE-2017-12980, CVE-2017-18123
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: cazzaniga.sandro, joequant, marja11, mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: dokuwiki-20170219-4.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-09-07 19:32:29 CEST 
Fedora has issued an advisory on September 6:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IU2HDQATJGCT4PFNU5MG6KG37PPXT5QC/

The issues are fixed upstream in 20180422a:
https://www.dokuwiki.org/changes

Mageia 5 is also affected.
Comment 1 Marja Van Waes 2018-09-08 13:26:16 CEST 
Assigning to all packagers collectively, since the registered maintainer for this package is currently unavailable.

CC'ing joequant, who recently pushed this package, and kharec who once imported it into Mageia.


@ Kharec

Just in case you find time again to contribute a little: if your password wasn't reset since the end of February, then a sysadmin needs to reset it first.
If the ssh key that you used to commit is a dsa key, then a sysadmin needs to
replace your public key in identity with the public rsa key that you provide to
him.

You can privately mail all our sysadmins by sending a mail to sysadmin AT group
DOT mageia DOT org

CC: (none) => joequant, marja11, sandro
Assignee: bugsquad => pkg-bugs

Comment 2 Mike Rambo 2019-11-06 13:35:50 CET 
Mageia 6 is EOL.

CC: (none) => mrambo
Resolution: (none) => OLD
Status: NEW => RESOLVED