lp:ubuntu/gutsy-security/tikiwiki
- Get this branch:
- bzr branch lp:ubuntu/gutsy-security/tikiwiki
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 7. By Emanuele Gentili
-
* SECURITY UPDATE: (LP: #180702)
+ CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
HTML via the area_name parameter.
+ CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
modified filename in the movie parameter.
+ CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
unknown impact and attack vectors involving tiki-edit_css.php,
tiki-g-admin_ shared_ source. php.
* debian/patches/ 91_CVE- 2007-6526_ CVE-2007- 6528_CVE- 2007-6529. dpatch
- Applied patch by upstream
* References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529 - 6. By Stephan RĂ¼gamer
-
* SECURITY UPDATE: (LP: #163833)
+ CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
tiki-remind_ password. php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows
remote attackers to inject arbitrary web script or HTML via the username
parameter. NOTE: this issue might be related to CVE-2006-2635.7.
+ CVE-2007-5423: Eval injection vulnerability in tiki-graph_formula. php in
TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
sequences in the f array parameter.
+ CVE-2007-5682: Unspecified vulnerability in tiki-graph_formula. php in
TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
vulnerability than CVE-2007-5423.
* debian/patches/ 90_CVE- 2007-4554. dpatch:
- Applied patch by upstream
* debian/patches/ 90_CVE- 2007-5423_ CVE-2007- 5682.dpatch:
- Applied patch by upstream
* References:
CVE-2007-4554
CVE-2007-5423
CVE-2007-5682 - 5. By Luca Falavigna
-
* Merge from Debian unstable. Remaining Ubuntu changes:
- Depends on PHP 5 packages
- Update maintainer field in debian/control
* Use dash-compliant syntax in debian/rules - 4. By Luca Falavigna
-
* Depends on PHP 5 packages (LP: 96361)
* Update maintainer field in debian/control - 3. By Marcus Better
-
* New upstream version.
- Fixes a script insertion vulnerability.
* debian/control: Added X-Vcs-* fields. - 2. By Marcus Better
-
* New upstream version.
- Fixed security issues: CVE-2006-5702, CVE-2006-5703.
* Install README.Debian. sources, accidentally left out.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)