Register | Log in

dokuwiki

standards compliant simple to use wiki

Choose email to subscribe with

general

source: dokuwiki (main)
version: 0.0.20180422.a-2
maintainer: Tanguy Ortolo [DMD]
uploaders: Tanguy Ortolo [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.0.20120125b-2+deb7u1
o-o-sec: 0.0.20120125b-2+deb7u2
oldstable: 0.0.20140505.a+dfsg-4
old-sec: 0.0.20140505.a+dfsg-4+deb8u1
testing: 0.0.20180422.a-2
unstable: 0.0.20180422.a-2

versioned links

0.0.20120125b-2+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20120125b-2+deb7u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20140505.a+dfsg-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20140505.a+dfsg-4+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.0.20180422.a-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dokuwiki

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix it.

Created: 2016-11-01 Last update: 2018-10-02 07:02

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix it.

Created: 2018-07-18 Last update: 2018-10-02 07:02

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2018-10-01 Last update: 2018-12-17 16:33

Depends on packages which need a new maintainer normal

The packages that dokuwiki depends on which need a new maintainer are:

geshi (#895843)
- Depends: php-geshi

Created: 2018-04-16 Last update: 2018-12-17 15:25

5 ignored security issues in jessie low

There are 5 open security issues in jessie.

5 issues skipped by the security teams:

TEMP-0780817-7C5137:
CVE-2017-12979: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution.
CVE-2017-12980: DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as demonstrated by the dc:creator element.
CVE-2014-9253: The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.
CVE-2016-7964: The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.

Please fix them.

Created: 2015-07-12 Last update: 2018-10-02 07:02

news

[2018-10-02] dokuwiki 0.0.20180422.a-2 MIGRATED to testing (Debian testing watch)
[2018-09-26] Accepted dokuwiki 0.0.20180422.a-2 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2018-09-19] Accepted dokuwiki 0.0.20180422.a-1 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2018-07-18] dokuwiki 0.0.20160626.a-2.1 MIGRATED to testing (Debian testing watch)
[2018-07-13] Accepted dokuwiki 0.0.20160626.a-2.1 (source) into unstable (Reinhard Tartler)
[2018-07-05] Accepted dokuwiki 0.0.20140505.a+dfsg-4+deb8u1 (source all) into oldstable (Antoine Beaupré)
[2018-05-23] dokuwiki REMOVED from testing (Debian testing watch)
[2018-02-04] Accepted dokuwiki 0.0.20120125b-2+deb7u2 (source all) into oldoldstable (Chris Lamb)
[2017-06-20] dokuwiki 0.0.20160626.a-2 MIGRATED to testing (Debian testing watch)
[2017-04-14] Accepted dokuwiki 0.0.20160626.a-2 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2017-04-04] dokuwiki REMOVED from testing (Debian testing watch)
[2016-08-20] dokuwiki 0.0.20160626.a-1 MIGRATED to testing (Debian testing watch)
[2016-08-14] Accepted dokuwiki 0.0.20160626.a-1 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2016-05-15] dokuwiki 0.0.20150810.a-2 MIGRATED to testing (Debian testing watch)
[2016-05-09] Accepted dokuwiki 0.0.20150810.a-2 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2016-03-05] dokuwiki 0.0.20150810.a-1 MIGRATED to testing (Debian testing watch)
[2016-02-28] Accepted dokuwiki 0.0.20150810.a-1 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2015-04-27] dokuwiki 0.0.20140929.d-1 MIGRATED to testing (Britney)
[2015-03-23] dokuwiki 0.0.20140505.a+dfsg-4 MIGRATED to testing (Britney)
[2015-03-22] Accepted dokuwiki 0.0.20140929.d-1 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2015-03-22] Accepted dokuwiki 0.0.20140505.a+dfsg-4 (source all) into testing-proposed-updates (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-11-03] Accepted dokuwiki 0.0.20120125b-2+deb7u1 (source all) into proposed-updates->stable-new, proposed-updates (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-10-29] Accepted dokuwiki 0.0.20091225c-10+squeeze3 (source all) into squeeze-lts (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-10-28] Accepted dokuwiki 0.0.20140929.a-1 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-10-16] dokuwiki 0.0.20140505.a+dfsg-3 MIGRATED to testing (Britney)
[2014-10-05] Accepted dokuwiki 0.0.20140505.a+dfsg-3 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-09-01] dokuwiki 0.0.20140505.a+dfsg-2 MIGRATED to testing (Britney)
[2014-08-26] Accepted dokuwiki 0.0.20140505.a+dfsg-2 (source all) into unstable (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-08-25] Accepted dokuwiki 0.0.20140505.a+dfsg-1 (source all) into experimental (Tanguy Ortolo) (signed by: Tanguy Pierre Charles Philippe Ortolo)
[2014-06-14] dokuwiki 0.0.20140505+dfsg-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 5
RC: 0
I&N: 4
M&W: 1
F&P: 0
patch: 1

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.0.20180422.a-2
12 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing