This bug was fixed in the package tikiwiki - 1.9.7+dfsg-1ubuntu1.2
---------------
tikiwiki (1.9.7+dfsg-1ubuntu1.2) feisty-security; urgency=low
[ Emanuele Gentili ]
* SECURITY UPDATE: (LP: #180702)
+ CVE 2007-6526: Cross-site scripting (XSS) vulnerability in
tiki-special_chars.php
in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web
script or
HTML via the area_name parameter.
+ CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php
in TikiWiki
before 1.9.9 allows remote attackers to read arbitrary files via a ..
(dot dot) and
modified filename in the movie parameter.
+ CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before
1.9.9 have
unknown impact and attack vectors involving tiki-edit_css.php,
tiki-g-admin_shared_source.php.
* debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
- Applied patch by upstream
* References
- CVE-2007-6526
- CVE-2007-6528
- CVE-2007-6529
[ Jamie Strandboge ]
* Use dash-compliant syntax in debian/rules
-- Emanuele Gentili <[EMAIL PROTECTED]> Sun, 17 Feb 2008
18:12:35 +0100
--
Multiple vulnerabilities allow XSS and reading of arbitrary files
https://bugs.launchpad.net/bugs/180702
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
