Debian Security Advisory
DSA-3760-1 ikiwiki -- security update
- Date Reported:
- 12 Jan 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-9646, CVE-2016-10026, CVE-2017-0356.
- More information:
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:
Commit metadata forgery via CGI::FormBuilder context-dependent APIs
Editing restriction bypass for git revert
Authentication bypass via repeated parameters
Additional details on these vulnerabilities can be found at https://ikiwiki.info/security/
For the stable distribution (jessie), these problems have been fixed in version 3.20141016.4.
For the unstable distribution (sid), these problems have been fixed in version 3.20170111.
We recommend that you upgrade your ikiwiki packages.