Debian Security Advisory
DSA-3760-1 ikiwiki -- security update
- Date Reported: 12 Jan 2017
- Affected Packages: ikiwiki
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-9646, CVE-2016-10026, CVE-2017-0356.

More information:
Multiple vulnerabilities have been found in the Ikiwiki wiki compiler:
- CVE-2016-9646: Commit metadata forgery via CGI::FormBuilder context-dependent APIs
- CVE-2016-10026: Editing restriction bypass for git revert
- CVE-2017-0356: Authentication bypass via repeated parameters
Additional details on these vulnerabilities can be found at https://ikiwiki.info/security/
For the stable distribution (jessie), these problems have been fixed in version 3.20141016.4.
For the unstable distribution (sid), these problems have been fixed in version 3.20170111.
We recommend that you upgrade your ikiwiki packages.