Suggested advisory: ======================== dokuwiki is patched in order to fix a security issue: DokuWiki through 2017-02-19b has XSS in the at parameter (aka the DATE_AT variable) to doku.php and updated package is fixed by added patch from upstream. References ======================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12583 https://github.com/splitbrain/dokuwiki/issues/2061 Updated packages in core/updates_testing: ======================== dokuwiki-20170219-4.1.mga6 SRPMS: ======================== dokuwiki-20170219-4.1.mga6.src.rpm
MGA6-32 on Lenovo B50 Plasma No istallation issues Ref to bug 20431, restarted httpd and pointed browser then to http://localhost/dokuwiki and this brings up a startpage Dokuwiki mentioning "This topic does not exist yet You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”." That looks sensible to me. Created some text,saved it and checked this now shows up when pointing to the site again. Seems OK.
Whiteboard: (none) => MGA6-64-OKCC: (none) => herman.viaene
MGA6-64
Component: RPM Packages => SecurityQA Contact: (none) => security
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0067.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED