diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 40 | ||||
| -rw-r--r-- | www/dokuwiki/Makefile | 3 | ||||
| -rw-r--r-- | www/dokuwiki/distinfo | 4 |
3 files changed, 43 insertions, 4 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 450468ee457b..79e11777ecb4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="7580f00e-280c-11e0-b7c8-00215c6a37bb"> + <topic>dokuwiki -- multiple privilege escalation vulnerabilities</topic> + <affects> + <package> + <name>dokuwiki</name> + <range><lt>20101107a</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Dokuwiki reports:</p> + <blockquote cite="http://bugs.dokuwiki.org/index.php?do=details&task_id=2136"> + <p>This security update fixes problems in the XMLRPC + interface where ACLs where not checked correctly + sometimes, making it possible to access and write + information that should not have been accessible/writable. + This only affects users who have enabled the XMLRPC + interface (default is off) and have enabled XMLRPC + access for users who can't access/write all content + anyway (default is nobody, see <a + href="http://www.dokuwiki.org/config:xmlrpcuser">http://www.dokuwiki.org/config:xmlrpcuser</a> + for details).</p> + <p>This update also includes a fix for a problem in + the general ACL checking function that could be exploited + to gain access to restricted pages and media files in rare + conditions (when you had rights for an id you could get + the same rights on ids where one character has been + replaced by a ".").</p> + </blockquote> + </body> + </description> + <references> + <url>http://bugs.dokuwiki.org/index.php?do=details&task_id=2136</url> + </references> + <dates> + <discovery>2011-01-16</discovery> + <entry>2011-01-24</entry> + </dates> + </vuln> + <vuln vid="5ab9fb2a-23a5-11e0-a835-0003ba02bf30"> <topic>asterisk -- Exploitable Stack Buffer Overflow</topic> <affects> diff --git a/www/dokuwiki/Makefile b/www/dokuwiki/Makefile index ca79c4e724b3..a37bef0973e5 100644 --- a/www/dokuwiki/Makefile +++ b/www/dokuwiki/Makefile @@ -7,7 +7,6 @@ PORTNAME= dokuwiki PORTVERSION= ${DIST_VER:S/${PORTNAME}//:S/-//g} -PORTREVISION= 1 CATEGORIES= www MASTER_SITES= http://www.splitbrain.org/_media/projects/dokuwiki/ \ LOCAL/chinsan/${PORTNAME} @@ -17,7 +16,7 @@ EXTRACT_SUFX= .tgz MAINTAINER= delphij@FreeBSD.org COMMENT= A simple and easy to use wiki, no database required -DIST_VER= ${PORTNAME}-2010-11-07 +DIST_VER= ${PORTNAME}-2010-11-07a USE_PHP= gd mbstring openssl pcre session xml zlib NO_BUILD= YES WANT_PHP_WEB= YES diff --git a/www/dokuwiki/distinfo b/www/dokuwiki/distinfo index 3469dad219d0..4281a936d622 100644 --- a/www/dokuwiki/distinfo +++ b/www/dokuwiki/distinfo @@ -1,2 +1,2 @@ -SHA256 (dokuwiki-2010-11-07.tgz) = 2ed3fe0f10d8ece6bee42a51d9fbce4b597f6f4391597d63957d14ef88d4404d -SIZE (dokuwiki-2010-11-07.tgz) = 2756995 +SHA256 (dokuwiki-2010-11-07a.tgz) = 657c033d22b81e56bfa049aadf7bba98d6cb6fe55d5c1e590f1acc30568e6883 +SIZE (dokuwiki-2010-11-07a.tgz) = 2758654 |