Fedora has issued an advisory today (September 20): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/ The issue is fixed upstream in 2022-07-31a: https://www.dokuwiki.org/changes#release_2022-07-31a_igor Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 2022-07-31aWhiteboard: (none) => MGA8TOO
Assigning to our registered dokuwiki maintainer.
Assignee: bugsquad => joequantCC: (none) => marja11
Suggested advisory: ======================== The updated package fixes a security vulnerability: Cross-site Scripting (XSS) - Reflected in GitHub repository splitbrain/dokuwiki prior to 2022-07-31a. (CVE-2022-3123) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3123 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LLNV7GYZPGLIKBLISVQUREQXE3WHI5R2/ https://www.dokuwiki.org/changes#release_2022-07-31a_igor ======================== Updated package in core/updates_testing: ======================== dokuwiki-20220731-1.mga8 from SRPM: dokuwiki-20220731-1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8Status comment: Fixed upstream in 2022-07-31a => (none)Assignee: joequant => qa-bugsCC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDCVE: (none) => CVE-2022-3123
MGA8-64 MATE on Acer Aspire 5253 No installation issues. Made sure httpd is running. Followed editing /etc/httpd/conf/httpd.conf as described in bug 20431 Comment 2, restarted httpd and pointed to http://localhost/dokuwiki and this brings up a startpage Dokuwiki mentioning "This topic does not exist yet You've followed a link to a topic that doesn't exist yet. If permissions allow, you may create it by clicking on “Create this page”." Did that, just entered some nonsense text into it, closed the page and reopened the page, the text was there OK
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0372.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED