Package: dokuwiki Version: 0.0.20140505.a+dfsg-4 Severity: important Dear Maintainer,
today I scanned my Debian oldstable installation with the OpenVAS framework and noticed that the dokuwiki package does not include important fixes. The CVE are: CVE-2017-18123 DokuWiki Reflected File Download Vulnerability CVE-2017-12979 and VE-2017-12980 DokuWiki Stored XSS Vulnerability CVE-2017-12583 DokuWiki XSS Vulnerability As Debian stretch is still supported please update dokuwiki to version 2017-02-19e or later. Thanks! -- System Information: Debian Release: 9.11 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-11-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages dokuwiki depends on: ii debconf [debconf-2.0] 1.5.61 ii javascript-common 11 ii libjs-jquery 3.1.1-2+deb9u1 ii libjs-jquery-cookie 11-3 ii libjs-jquery-ui 1.12.1+dfsg-4 ii libphp-simplepie 1.3.1+dfsg-3.1 ii php-geshi 1.0.8.11-2.1 ii php-seclib 1.0.5-1 ii php5 5.6.30+dfsg-0+deb8u1 ii ucf 3.0036 Versions of packages dokuwiki recommends: ii imagemagick 8:6.9.7.4+dfsg-11+deb9u7 ii imagemagick-6.q16 [imagemagick] 8:6.9.7.4+dfsg-11+deb9u7 ii php5-cli 5.6.30+dfsg-0+deb8u1 ii php5-gd 5.6.30+dfsg-0+deb8u1 ii php5-ldap 5.6.30+dfsg-0+deb8u1 ii php5-mysql 5.6.30+dfsg-0+deb8u1 ii wget 1.18-5+deb9u3 Versions of packages dokuwiki suggests: pn libapache2-mod-xsendfile <none> -- Configuration Files: /etc/dokuwiki/mime.conf changed [not included] -- debconf information excluded