* SECURITY UPDATE: (LP: #163833)
+ CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows
remote attackers to inject arbitrary web script or HTML via the username
parameter. NOTE: this issue might be related to CVE-2006-2635.7.
+ CVE-2007-5423: Eval injection vulnerability in tiki-graph_formula.php in
TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
sequences in the f array parameter.
+ CVE-2007-5682: Unspecified vulnerability in tiki-graph_formula.php in
TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
vulnerability than CVE-2007-5423.
* debian/patches/90_CVE-2007-4554.dpatch:
- Applied patch by upstream
* debian/patches/90_CVE-2007-5423_CVE-2007-5682.dpatch:
- Applied patch by upstream
* References:
CVE-2007-4554
CVE-2007-5423
CVE-2007-5682
-- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 15:34:47 +0100
tikiwiki (1.9.7+ dfsg-1ubuntu1. 1) feisty-security; urgency=low
* SECURITY UPDATE: (LP: #163833) remind_ password. php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows formula. php in formula. php in patches/ 90_CVE- 2007-4554. dpatch: patches/ 90_CVE- 2007-5423_ CVE-2007- 5682.dpatch:
+ CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
tiki-
remote attackers to inject arbitrary web script or HTML via the username
parameter. NOTE: this issue might be related to CVE-2006-2635.7.
+ CVE-2007-5423: Eval injection vulnerability in tiki-graph_
TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
sequences in the f array parameter.
+ CVE-2007-5682: Unspecified vulnerability in tiki-graph_
TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
vulnerability than CVE-2007-5423.
* debian/
- Applied patch by upstream
* debian/
- Applied patch by upstream
* References:
CVE-2007-4554
CVE-2007-5423
CVE-2007-5682
-- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 15:34:47 +0100