The vulnerability was discovered in aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side request forgery, resulting in information disclosure or denial of service. Reference: https://www.openwall.com/lists/oss-security/2019/02/28/1 Upstream commit: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=e7b0d4a http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=67543ce http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=d283e4c http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9a275b2
Created ikiwiki tracking bugs for this issue: Affects: epel-6 [bug 1690314]
External References: https://www.debian.org/security/2019/dsa-4399