lp:ubuntu/feisty-security/tikiwiki

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/feisty-security/tikiwiki

Branch information

Owner:
Ubuntu branches
Status:
Development

Recent revisions

6. By Emanuele Gentili

[ Emanuele Gentili ]
* SECURITY UPDATE: (LP: #180702)
  + CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
    in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
    HTML via the area_name parameter.
  + CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
    before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
    modified filename in the movie parameter.
  + CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
    unknown impact and attack vectors involving tiki-edit_css.php,
    tiki-g-admin_shared_source.php.
* debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
  - Applied patch by upstream
* References
  - CVE-2007-6526
  - CVE-2007-6528
  - CVE-2007-6529

[ Jamie Strandboge ]
* Use dash-compliant syntax in debian/rules

5. By Stephan Rügamer

* SECURITY UPDATE: (LP: #163833)
  + CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
    tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows
    remote attackers to inject arbitrary web script or HTML via the username
    parameter. NOTE: this issue might be related to CVE-2006-2635.7.
  + CVE-2007-5423: Eval injection vulnerability in tiki-graph_formula.php in
    TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
    sequences in the f array parameter.
  + CVE-2007-5682: Unspecified vulnerability in tiki-graph_formula.php in
    TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
    vulnerability than CVE-2007-5423.
* debian/patches/90_CVE-2007-4554.dpatch:
  - Applied patch by upstream
* debian/patches/90_CVE-2007-5423_CVE-2007-5682.dpatch:
  - Applied patch by upstream
* References:
  CVE-2007-4554
  CVE-2007-5423
  CVE-2007-5682

4. By Luca Falavigna

* Depends on PHP 5 packages (LP: 96361)
* Update maintainer field in debian/control

3. By Marcus Better

* New upstream version.
  - Fixes a script insertion vulnerability.
* debian/control: Added X-Vcs-* fields.

2. By Marcus Better

* New upstream version.
  - Fixed security issues: CVE-2006-5702, CVE-2006-5703.
* Install README.Debian.sources, accidentally left out.

1. By Marcus Better

Import upstream version 1.9.6+dfsg

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
