Control: forwarded -1 https://github.com/splitbrain/dokuwiki/issues/3651 Control: tag -1 + fixed-upstream Control: found -1 0.0.20220317~gitaeff85c-0.1~exp1
Hi Neil, thanks for the bug report. Neil Williams wrote: > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2022-28919 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28919 The relevant information seems to be in https://github.com/splitbrain/dokuwiki/issues/3651 > Please adjust the affected versions in the BTS as needed. Thanks for the reminder. I updated the upper limit based on its date and the information in the upstream bug report that the fix was made just four days ago. Upstream though hasn't made any new upstream release with this fix yet, so we will either do an upload of a git snapshot or cherry-picking that commit. (JFTR, mostly for Anton: Upstream's release plans for the next stable release are here: https://github.com/splitbrain/dokuwiki/projects/6) Figuring out which older releases are affected likely needs some more digging in upstream's and/or in the library's upstream git repo. Regards, Axel -- ,''`. | Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
signature.asc
Description: PGP signature