-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : dokuwiki Version : 0.0.20120125b-2+deb7u2 CVE ID : CVE-2017-18123 Debian Bug : #889281
It was discovered that an XHR/AJAX call did not properly encode user input in the "dokuwiki" wiki platform. This resulted in a reflected file download vulnerability. For Debian 7 "Wheezy", this issue has been fixed in dokuwiki version 0.0.20120125b-2+deb7u2. We recommend that you upgrade your dokuwiki packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlp24lAACgkQHpU+J9Qx Hlgg/g//SYrRWtCzVZiOwFE2tAEaBZtQi9OyCyPV6jYfRaSAAPOtgYSpTlzHpF6Q SUXfjbX90tW5nlpz7onygQeBbGmgUtlbpJlI5bwXb4FiYAxftpv/AIhmRRLQbxdR Y/pMYZJ8rK+qFiZKp3j0b59aBFiF51ZI6KJ/qfhcqR/dWTEXjmblTKSmMmRHMRxP P1DV8iDnQgm3J/PxKcq0x44xZTyTQuxESV+l5qstWDm9aNc9npfgNvDEBp7Aoqo6 JQc4p1vRGcwsiYN+oAvzinA+sg934+G1Jrtox+p3expAeZaOfhqrb3GZhmSAd02k fMmMloA+gV+REe7QpOPALJXy1vhdUAsQcSeOgKrEY0BAjczEnv6I49WbbfVjg0Oy lCGrJZR4AuXjtVDnwYYWwQugL1wzxyw4WEx6qKuu5j5fcRx/Np6jixNEAALaJWYi Sj00feFelhlJ7Jx66ucipgyPgPs0ZXxhwA7T5QwshS71ZhW/GWAfP8oeFjXMB8xu ovyTVkL2ubtDYhqu3c7Hji8ejpukmFHt/aVAaiZkloFEutRaKt95XBMAz+e6fuAt Z+gDRoEPmFSNTeBMfcG30rQOm91l48rlA01oZANAiqeUxuhC85EhKa1jGT8x52rs bWwyKT1r73wHcAyAPcKT+xkoyCEUGUjKoUVtzafdl8Ug66ZF/FE= =tT4k -----END PGP SIGNATURE-----