Add dokuwiki multiple ACL escalation vulnerabilities.

Feature safe:	yes
This commit is contained in:
Xin LI 2011-01-24 23:00:50 +00:00
parent de9e8cf8f9
commit 30e3f87e71
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=268186
3 changed files with 43 additions and 4 deletions

View file

@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="7580f00e-280c-11e0-b7c8-00215c6a37bb">
<topic>dokuwiki -- multiple privilege escalation vulnerabilities</topic>
<affects>
<package>
<name>dokuwiki</name>
<range><lt>20101107a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dokuwiki reports:</p>
<blockquote cite="http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136">
<p>This security update fixes problems in the XMLRPC
interface where ACLs where not checked correctly
sometimes, making it possible to access and write
information that should not have been accessible/writable.
This only affects users who have enabled the XMLRPC
interface (default is off) and have enabled XMLRPC
access for users who can't access/write all content
anyway (default is nobody, see <a
href="http://www.dokuwiki.org/config:xmlrpcuser">http://www.dokuwiki.org/config:xmlrpcuser</a>
for details).</p>
<p>This update also includes a fix for a problem in
the general ACL checking function that could be exploited
to gain access to restricted pages and media files in rare
conditions (when you had rights for an id you could get
the same rights on ids where one character has been
replaced by a ".").</p>
</blockquote>
</body>
</description>
<references>
<url>http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136</url>
</references>
<dates>
<discovery>2011-01-16</discovery>
<entry>2011-01-24</entry>
</dates>
</vuln>
<vuln vid="5ab9fb2a-23a5-11e0-a835-0003ba02bf30">
<topic>asterisk -- Exploitable Stack Buffer Overflow</topic>
<affects>

View file

@ -7,7 +7,6 @@
PORTNAME= dokuwiki
PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g}
PORTREVISION= 1
CATEGORIES= www
MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \
LOCAL/chinsan/${PORTNAME}
@ -17,7 +16,7 @@ EXTRACT_SUFX= .tgz
MAINTAINER= delphij@FreeBSD.org
COMMENT= A simple and easy to use wiki, no database required
DIST_VER= ${PORTNAME}-2010-11-07
DIST_VER= ${PORTNAME}-2010-11-07a
USE_PHP= gd mbstring openssl pcre session xml zlib
NO_BUILD= YES
WANT_PHP_WEB= YES

View file

@ -1,2 +1,2 @@
SHA256 (dokuwiki-2010-11-07.tgz) = 2ed3fe0f10d8ece6bee42a51d9fbce4b597f6f4391597d63957d14ef88d4404d
SIZE (dokuwiki-2010-11-07.tgz) = 2756995
SHA256 (dokuwiki-2010-11-07a.tgz) = 657c033d22b81e56bfa049aadf7bba98d6cb6fe55d5c1e590f1acc30568e6883
SIZE (dokuwiki-2010-11-07a.tgz) = 2758654