A CVE has been assigned for an issued fixed upstream in 20140929b:
This was from a security hotfix:
Mageia 4 is also affected.
Steps to Reproduce:
Updated and submitted to Cauldron. Will prepare an advisory for Mga4 soon.
I have uploaded a updated dokuwiki package for Mageia 4.
Updated dokuwiki package fix a security vulnerability:
Our current dokuwiki-20140929-1.1.mga4 package uses dokuwiki-2014-09-29a source which allows swf (application/x-shockwave-flash) uploads by default. This may be used for Cross-site scripting (XSS) attack which enables attackers to inject client-side script into Web pages viewed by other users. (CVE-2014-9253).
This update uses dokuwiki-2014-09-29b hotfix source which disables swf uploads by default and fixes the issue.
Updated packages in core/updates_testing:
Works fine on Mageia 4 i586.
MGA4-64 on HP Probook 6555b
Dokuwiki Installer opens, I did notgo any further
Validating. Advisory uploaded.
Please push to 4 updates
MGA4-32-OK MGA4-64-OK =>
advisory MGA4-32-OK MGA4-64-OKKeywords:
An update for this issue has been pushed to Mageia Updates repository.
(In reply to Mageia Robot from comment #6)
> An update for this issue has been pushed to Mageia Updates repository.
The title of that page spelled the package name incorrectly.