Candidate: CVE-2014-9253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9253
https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
The default file type whitelist configuration in conf/mime.conf in the
Media Manager in DokuWiki before 2014-09-29b allows remote attackers to
execute arbitrary web script or HTML by uploading an SWF file, then
accessing it via the media parameter to lib/exe/fetch.php.
sarnold> update from upstream just disables uploads for swf files
Discovered-by: Kacper Szurek
upstream: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
upstream_dokuwiki: released (0.0.20140929.d-1)
lucid_dokuwiki: ignored (reached end-of-life)
precise_dokuwiki: ignored (reached end-of-life)
precise/esm_dokuwiki: DNE (precise was needed)
trusty_dokuwiki: needed
utopic_dokuwiki: ignored (reached end-of-life)
vivid_dokuwiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_dokuwiki: DNE
vivid/ubuntu-core_dokuwiki: DNE
wily_dokuwiki: ignored (reached end-of-life)
xenial_dokuwiki: not-affected (0.0.20140929.d-1ubuntu1)
yakkety_dokuwiki: not-affected (0.0.20160626.a-1)
zesty_dokuwiki: not-affected
artful_dokuwiki: not-affected
bionic_dokuwiki: not-affected
devel_dokuwiki: not-affected