author | delphij <delphij@FreeBSD.org> | 2011-01-25 07:00:50 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2011-01-25 07:00:50 +0800 |
commit | 0cc23a6895ff604884b6ef0dfcca379930487404 (patch) | |
tree | 876fa59aea78b69b54385c2e3b49091d5a7dc47a /security | |
parent | 66ff8202748265768f66371588678935cbde1908 (diff) | |
Add dokuwiki multiple ACL escalation vulnerabilities.
Feature safe: yes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 450468ee457b..79e11777ecb4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7580f00e-280c-11e0-b7c8-00215c6a37bb"> + <topic>dokuwiki -- multiple privilege escalation vulnerabilities</topic> + <affects> + <package> + <name>dokuwiki</name> + <range><lt>20101107a</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dokuwiki reports:</p> + <blockquote cite="http://bugs.dokuwiki.org/index.php?do=details&task_id=2136"> + <p>This security update fixes problems in the XMLRPC + interface where ACLs where not checked correctly + sometimes, making it possible to access and write + information that should not have been accessible/writable. + This only affects users who have enabled the XMLRPC + interface (default is off) and have enabled XMLRPC + access for users who can't access/write all content + anyway (default is nobody, see <a + href="http://www.dokuwiki.org/config:xmlrpcuser">http://www.dokuwiki.org/config:xmlrpcuser</a> + for details).</p> + <p>This update also includes a fix for a problem in + the general ACL checking function that could be exploited + to gain access to restricted pages and media files in rare + conditions (when you had rights for an id you could get + the same rights on ids where one character has been + replaced by a ".").</p> + </blockquote> + </body> + </description> + <references> + <url>http://bugs.dokuwiki.org/index.php?do=details&task_id=2136</url> + </references> + <dates> + <discovery>2011-01-16</discovery> + <entry>2011-01-24</entry> + </dates> + </vuln> + <vuln vid="5ab9fb2a-23a5-11e0-a835-0003ba02bf30"> <topic>asterisk -- Exploitable Stack Buffer Overflow</topic> <affects> |
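Review bot: The `&` in the bug tracker URL, both in the `cite` attribute of `<blockquote>` and in `<url>` under `<references>`, needs to be written as `&amp;` in vuln.xml; a bare `&task_id=2136` leaves the file ill-formed, and an XML parser will then reject the whole document rather than only this entry. If the raw file already contains `&amp;` and this view merely decoded it, nothing needs to change. Two smaller points: the quoted text "ACLs where not checked correctly" carries upstream's typo, which is fine to keep verbatim inside the blockquote, and `<references>` lists only the bug tracker URL, so consider adding a `<cvename>` if an identifier has been assigned to either of the two issues the description covers.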