Ubuntu
ikiwiki package

[ikiwiki] [CVE-2008-0808, CVE-2008-0809] cross-site scripting

Bug #203462 reported by disabled.user
258
Affects Status Importance Assigned to Milestone
ikiwiki (Ubuntu)
Fix Released
Medium
Unassigned
Declined for Feisty by Jamie Strandboge
Gutsy
Won't Fix
Undecided
Unassigned

Bug Description

Binary package hint: ikiwiki

References:
DSA-1523-1 (http://www.debian.org/security/2008/dsa-1523)

Quoting:
"Josh Triplett discovered that ikiwiki did not block Javascript in
URLs, leading to cross-site scripting vulnerabilities."

CVE References

Revision history for this message
Luca Falavigna (dktrkranz) wrote :

Fixed in Intrepid with version 2.45ubuntu1.

Changed in ikiwiki:
importance: Undecided → Medium
status: New → Fix Released
Jamie Strandboge (jdstrand)
Changed in ikiwiki:
status: New → Confirmed
Revision history for this message
Sergio Zanchetta (primes2h) wrote :

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in ikiwiki (Ubuntu Gutsy):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.