Security Information / 2012 / Security Information -- DSA-2474-1 ikiwiki

Debian Security Advisory

DSA-2474-1 ikiwiki -- cross-site scripting

Date Reported:

16 May 2012

Affected Packages:

ikiwiki

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0220.

More information:

Raúl Benencia discovered that ikiwiki, a wiki compiler, does not properly escape the author (and its URL) of certain metadata, such as comments. This might be used to conduct cross-site scripting attacks.

For the stable distribution (squeeze), this problem has been fixed in version 3.20100815.9.

For the testing distribution (wheezy), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 3.20120516.

We recommend that you upgrade your ikiwiki packages.