Bug#1117531: marked as done (dokuwiki: CVE-2025-61224)

Debian Bug Tracking System Sun, 30 Nov 2025 04:51:17 -0800

Your message dated Sun, 30 Nov 2025 12:48:40 +0000
with message-id <[email protected]>
and subject line Bug#1117531: fixed in dokuwiki 2025-05-14.b+dfsg-1
has caused the Debian Bug report #1117531,
regarding dokuwiki: CVE-2025-61224
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1117531: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117531
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Source: dokuwiki
Version: 2025-05-14.a+dfsg-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/dokuwiki/dokuwiki/issues/4512
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for dokuwiki.

CVE-2025-61224[0]:
| Cross Site Scripting vulnerability in DokuWiki 2025-05-14a
| 'Librarian'[56.1] allows a remote attacker to execute arbitrary code
| via the q parameter

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-61224
    https://www.cve.org/CVERecord?id=CVE-2025-61224
[1] https://github.com/dokuwiki/dokuwiki/issues/4512

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---

--- Begin Message ---

Source: dokuwiki
Source-Version: 2025-05-14.b+dfsg-1
Done: Daniel Baumann <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dokuwiki, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <[email protected]> (supplier of updated dokuwiki package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 30 Nov 2025 13:19:03 +0100
Source: dokuwiki
Architecture: source
Version: 2025-05-14.b+dfsg-1
Distribution: sid
Urgency: medium
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Daniel Baumann <[email protected]>
Closes: 1111888 1117531
Changes:
 dokuwiki (2025-05-14.b+dfsg-1) sid; urgency=medium
 .
   * Merging upstream version 2025-05-14.b+dfsg:
     - fixes Cross Site Scripting vulnerability that allows a remote attacker to
       execute arbitrary code (Closes: #1117531) [CVE-2025-61224]
   * Updating local upstream changelog for version 2025-05-14.b+dfsg.
   * Harmonizing upstream urls.
   * Adding patch to correct internal FeedParser alias (Closes: #1111888).
Checksums-Sha1:
 f819b287ada82f105b1567c2afd6644f26383c64 1429 dokuwiki_2025-05-14.b+dfsg-1.dsc
 45f445f75c1efb68b406789e038c8be0646a4232 1746556 
dokuwiki_2025-05-14.b+dfsg.orig.tar.xz
 38d0c4d831f54b848f30adefc0a16c52a2878209 96084 
dokuwiki_2025-05-14.b+dfsg-1.debian.tar.xz
 9e400909640d839e2d5551798fdff84d520c0113 5927 
dokuwiki_2025-05-14.b+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 14729095ae93c0d83867d1b15a09fc58f5155a7582274fb41ca37d23db993239 1429 
dokuwiki_2025-05-14.b+dfsg-1.dsc
 0be859d6bf4c5fa563bd9f26f006a837e7819efb2826d1fc0d45152a18554f70 1746556 
dokuwiki_2025-05-14.b+dfsg.orig.tar.xz
 1c419a8fdfc4931694420a93b490e1af0922e810ac8c423aa22a1f9865000b9d 96084 
dokuwiki_2025-05-14.b+dfsg-1.debian.tar.xz
 b408a05880e5799f0dbd6e1abc31f2cc510808ae5df9d1e250c71b26011bf231 5927 
dokuwiki_2025-05-14.b+dfsg-1_amd64.buildinfo
Files:
 227c090719d1e9aff2991eb8ebb94e0a 1429 web optional 
dokuwiki_2025-05-14.b+dfsg-1.dsc
 bbc0d306d3fa240dd7f3bcba9c2148a6 1746556 web optional 
dokuwiki_2025-05-14.b+dfsg.orig.tar.xz
 b701c8b0d111b6df8f03615de9cad372 96084 web optional 
dokuwiki_2025-05-14.b+dfsg-1.debian.tar.xz
 45857d981464f61c8f7c1a4698f6a604 5927 web optional 
dokuwiki_2025-05-14.b+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQmmGg4gLaoSj0ERgL7tPDoCoAiLwUCaSw4kQAKCRD7tPDoCoAi
L757APsHYuiE8JwD6lvNsBawHwCYSExzYPxJpmxy+Xl2/5iIpQEAh0rEcJvnY0hO
TF3AGJu3qKs3hdTMUZD+txWr0gvH7Qg=
=2glW
-----END PGP SIGNATURE-----

pgprWm0FCUE76.pgp
Description: PGP signature

--- End Message ---

Bug#1117531: marked as done (dokuwiki: CVE-2025-61224)

Reply via email to