Debian Package Tracker

general

source: dokuwiki (main)
version: 0.0.20180422.a-2
maintainer: Tanguy Ortolo (DMD)
uploaders: Tanguy Ortolo [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.0.20140505.a+dfsg-4
o-o-sec: 0.0.20140505.a+dfsg-4+deb8u1
stable: 0.0.20180422.a-2
testing: 0.0.20180422.a-2
unstable: 0.0.20180422.a-2

versioned links

0.0.20140505.a+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20140505.a+dfsg-4+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20180422.a-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dokuwiki (4 bugs: 0, 3, 1, 0)

action needed

A new upstream version is available: 0.0.20180422.b high

A new upstream version 0.0.20180422.b is available, you should consider packaging it.

Created: 2019-01-08 Last update: 2019-12-11 03:35

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix it.

Created: 2019-07-07 Last update: 2019-10-21 00:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix it.

Created: 2016-11-01 Last update: 2019-10-21 00:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-12-11 07:35

Depends on packages which need a new maintainer normal

The packages that dokuwiki depends on which need a new maintainer are:

geshi (#895843)
- Depends: php-geshi

Created: 2019-11-22 Last update: 2019-12-11 06:15

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix it.

Created: 2018-07-18 Last update: 2019-10-21 00:30

5 ignored security issues in jessie low

There are 5 open security issues in jessie.

5 issues skipped by the security teams:

CVE-2017-12979: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.
TEMP-0780817-7C5137:
CVE-2017-12980: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
CVE-2014-9253: The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.

Please fix them.

Created: 2015-07-12 Last update: 2019-10-21 00:30

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-09-29 23:40

news

[rss feed]

[2018-10-02] dokuwiki 0.0.20180422.a-2 MIGRATED to testing (Debian testing watch)
[2018-09-26] Accepted dokuwiki 0.0.20180422.a-2 (source all) into unstable (Tanguy Ortolo)
[2018-09-19] Accepted dokuwiki 0.0.20180422.a-1 (source all) into unstable (Tanguy Ortolo)
[2018-07-18] dokuwiki 0.0.20160626.a-2.1 MIGRATED to testing (Debian testing watch)
[2018-07-13] Accepted dokuwiki 0.0.20160626.a-2.1 (source) into unstable (Reinhard Tartler)
[2018-07-05] Accepted dokuwiki 0.0.20140505.a+dfsg-4+deb8u1 (source all) into oldstable (Antoine Beaupré)
[2018-05-23] dokuwiki REMOVED from testing (Debian testing watch)
[2018-02-04] Accepted dokuwiki 0.0.20120125b-2+deb7u2 (source all) into oldoldstable (Chris Lamb)
[2017-06-20] dokuwiki 0.0.20160626.a-2 MIGRATED to testing (Debian testing watch)
[2017-04-14] Accepted dokuwiki 0.0.20160626.a-2 (source all) into unstable (Tanguy Ortolo)
[2017-04-04] dokuwiki REMOVED from testing (Debian testing watch)
[2016-08-20] dokuwiki 0.0.20160626.a-1 MIGRATED to testing (Debian testing watch)
[2016-08-14] Accepted dokuwiki 0.0.20160626.a-1 (source all) into unstable (Tanguy Ortolo)
[2016-05-15] dokuwiki 0.0.20150810.a-2 MIGRATED to testing (Debian testing watch)
[2016-05-09] Accepted dokuwiki 0.0.20150810.a-2 (source all) into unstable (Tanguy Ortolo)
[2016-03-05] dokuwiki 0.0.20150810.a-1 MIGRATED to testing (Debian testing watch)
[2016-02-28] Accepted dokuwiki 0.0.20150810.a-1 (source all) into unstable (Tanguy Ortolo)
[2015-04-27] dokuwiki 0.0.20140929.d-1 MIGRATED to testing (Britney)
[2015-03-23] dokuwiki 0.0.20140505.a+dfsg-4 MIGRATED to testing (Britney)
[2015-03-22] Accepted dokuwiki 0.0.20140929.d-1 (source all) into unstable (Tanguy Ortolo)
[2015-03-22] Accepted dokuwiki 0.0.20140505.a+dfsg-4 (source all) into testing-proposed-updates (Tanguy Ortolo)
[2014-11-03] Accepted dokuwiki 0.0.20120125b-2+deb7u1 (source all) into proposed-updates->stable-new, proposed-updates (Tanguy Ortolo)
[2014-10-29] Accepted dokuwiki 0.0.20091225c-10+squeeze3 (source all) into squeeze-lts (Tanguy Ortolo)
[2014-10-28] Accepted dokuwiki 0.0.20140929.a-1 (source all) into unstable (Tanguy Ortolo)
[2014-10-16] dokuwiki 0.0.20140505.a+dfsg-3 MIGRATED to testing (Britney)
[2014-10-05] Accepted dokuwiki 0.0.20140505.a+dfsg-3 (source all) into unstable (Tanguy Ortolo)
[2014-09-01] dokuwiki 0.0.20140505.a+dfsg-2 MIGRATED to testing (Britney)
[2014-08-26] Accepted dokuwiki 0.0.20140505.a+dfsg-2 (source all) into unstable (Tanguy Ortolo)
[2014-08-25] Accepted dokuwiki 0.0.20140505.a+dfsg-1 (source all) into experimental (Tanguy Ortolo)
[2014-06-14] dokuwiki 0.0.20140505+dfsg-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 6
RC: 0
I&N: 5
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.0.20180422.a-2
12 bugs