Hi, On Fri, Sep 20, 2019 at 01:51:41PM +0200, Klaus Fuerstberger wrote: > Package: dokuwiki > Version: 0.0.20140505.a+dfsg-4 > Severity: important > > Dear Maintainer, > > today I scanned my Debian oldstable installation with the OpenVAS > framework and noticed that the dokuwiki package does not include > important fixes. > > The CVE are: > CVE-2017-18123 DokuWiki Reflected File Download Vulnerability > CVE-2017-12979 and VE-2017-12980 DokuWiki Stored XSS Vulnerability > CVE-2017-12583 DokuWiki XSS Vulnerability > > As Debian stretch is still supported please update dokuwiki to > version 2017-02-19e or later.
FWIW, dokuwiki is not in stretch. It was in jessie, and is again in buster, but for stretch it was not fit for the release. Regards, Salvatore