On 23/06/2011 14:41, Tanguy Ortolo wrote:
> Hello,
>
> Following the instructions of the security team, I have recently
> uploaded new versions of my package dokuwiki for stable and oldstable,
> fixing a flaw in the RPC interface that allows to bypass the ACL system
> in some very specific cases. I am not sure that you are already aware of
> my upload.
>
> Now, another flaw has been discovered some days ago, allowing to insert
> arbitrary JavaScript links in the following case: a wiki page references
> an RSS feed; this feed contains specially crafted content. These are
> only JavaScript links, that require users to click on it, but that can
> be inserted from an external control over the referenced RSS feed only.
> This affects both the stable and oldstable version: can I send an
> updated package, fixing both the ACL and the RSS problems?
>

ask -security?

> Regards,
>

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

