Your message dated Sun, 22 Mar 2015 18:20:15 +0100
with message-id <[email protected]>
and subject line Re: Bug#766545: CVE-2014-8763 CVE-2014-8764
has caused the Debian Bug report #766545,
regarding CVE-2014-8763 CVE-2014-8764
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
766545: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766545
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dokuwiki
Severity: important
Tags: security

Hi Tanguy,
CVE-2014-8763/CVE-2014-8764 have been assigned to this:
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
 

There was also a CVE assignment for this issue, which is
already fixed in jessie:
https://github.com/splitbrain/dokuwiki/issues/765

I don't know dokuwiki, should we fix the media manager issue in wheezy?

See http://seclists.org/oss-sec/2014/q4/361 for details on
the CVE assignments.

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Emmanuel Kasper, 2015-03-11 15:10+0100:
> I've just installed the Debian Dokuwiki package and did some research
> concerning CVE-2014-8763/CVE-2014-8764
>
> Now it seems that the problem has been solved on the PHP side since PHP
> 5.6 (look for ldap in http://php.net/ChangeLog-5.php)
>
> Since Jessie has PHP >= 5.6 in Jessie and Sid, that just leaves Debian
> stable vulnerable to the issue, so it might not be necessary to make a
> specific upload for Jessie

Yes, this is correct, and since this issue was already fixed in squeeze-lts and wheezy-security with specific uploads, that leaves... no Debian distribution vulnerable. I am therefore closing this bug. Thanks for the information!

Librement,

--
 ,--.
: /` )   Tanguy Ortolo      <xmpp:[email protected]>
| `-'    Debian Developer   <irc://irc.oftc.net/Tanguy>
 \_



--- End Message ---
