Hi, I have tested an update of the jessie package and things seem to work fine after merging the patch from upstream during a smoke test of a clean jessie VM.
Attached is the debdiff to complete the update. A.
diff -Nru dokuwiki-0.0.20140505.a+dfsg/debian/changelog dokuwiki-0.0.20140505.a+dfsg/debian/changelog --- dokuwiki-0.0.20140505.a+dfsg/debian/changelog 2015-03-22 13:50:07.000000000 -0400 +++ dokuwiki-0.0.20140505.a+dfsg/debian/changelog 2018-06-07 15:25:55.000000000 -0400 @@ -1,3 +1,11 @@ +dokuwiki (0.0.20140505.a+dfsg-4+deb8u1) jessie-security; urgency=high + + * Non-maintainer upload by the Security Team. + * CVE-2017-18123: fix remote code execution through reflected file + download + + -- Antoine Beaupré <anar...@debian.org> Thu, 07 Jun 2018 15:25:55 -0400 + dokuwiki (0.0.20140505.a+dfsg-4) testing-proposed-updates; urgency=high * debian/patches: security fix, from upstream hotfix release diff -Nru dokuwiki-0.0.20140505.a+dfsg/debian/patches/CVE-2017-18123-2f65d86.patch dokuwiki-0.0.20140505.a+dfsg/debian/patches/CVE-2017-18123-2f65d86.patch --- dokuwiki-0.0.20140505.a+dfsg/debian/patches/CVE-2017-18123-2f65d86.patch 1969-12-31 19:00:00.000000000 -0500 +++ dokuwiki-0.0.20140505.a+dfsg/debian/patches/CVE-2017-18123-2f65d86.patch 2018-06-07 15:25:35.000000000 -0400 
@@ -0,0 +1,25 @@ +From 238b8e878ad48f370903465192b57c2072f65d86 Mon Sep 17 00:00:00 2001 +From: Andreas Gohr <g...@cosmocode.de> +Date: Tue, 27 Jun 2017 15:04:23 +0200 +Subject: [PATCH] filter special chars from ajax call parameter. fixes #2019 + +--- + lib/exe/ajax.php | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php +index b3e9a618f5..9f9db5391a 100644 +--- a/lib/exe/ajax.php ++++ b/lib/exe/ajax.php +@@ -15,9 +15,9 @@ + + //call the requested function + if($INPUT->post->has('call')){ +- $call = $INPUT->post->str('call'); ++ $call = $INPUT->post->filter('utf8_stripspecials')->str('call'); + }else if($INPUT->get->has('call')){ +- $call = $INPUT->get->str('call'); ++ $call = $INPUT->get->filter('utf8_stripspecials')->str('call'); + }else{ + exit; + } diff -Nru dokuwiki-0.0.20140505.a+dfsg/debian/patches/series dokuwiki-0.0.20140505.a+dfsg/debian/patches/series --- dokuwiki-0.0.20140505.a+dfsg/debian/patches/series 2015-03-22 13:48:40.000000000 -0400 +++ dokuwiki-0.0.20140505.a+dfsg/debian/patches/series 2018-06-07 15:25:35.000000000 -0400 @@ -5,3 +5,4 @@ soften_email_validator.diff use_packaged_jquery.diff cve-2015-2172_check_permissions_in_rpc.patch +CVE-2017-18123-2f65d86.patch
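Review bot: the changelog entry describes the fix as "remote code execution through reflected file download", while the upstream patch it ships is titled "filter special chars from ajax call parameter. fixes #2019"; the two descriptions should be reconciled so a reader can trace the CVE to the change. Suggest keeping the wording aligned with the CVE text and adding the upstream reference, e.g. "* CVE-2017-18123: filter special characters from the ajax 'call' parameter (upstream #2019, commit 2f65d86)".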
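Review bot: the upstream commit (dated June 2017) is being applied to the 0.0.20140505 codebase, so please confirm that `$INPUT->post->filter('utf8_stripspecials')` is actually available in that version's Input class before this lands; a missing method would only surface at runtime on the first ajax request, not at build time. The `@@ -15,9 +15,9 @@` offsets and the `index b3e9a618f5..9f9db5391a` line come from the 2017 tree, so note in the patch header if quilt needed fuzz to apply it. The hunk also shows only where `$call` is sanitised, not where it is later used; the smoke test covers the happy path, and a short check that a request with special characters in `call` now fails cleanly would document that the filter is reached on both the POST and GET branches.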