Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2944 to the following vulnerability:

Name: CVE-2009-2944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2944
Assigned: 20090823
Reference: CONFIRM: http://ikiwiki.info/security/#index35h2
Reference: BID:36181
Reference: URL: http://www.securityfocus.com/bid/36181
Reference: SECUNIA:36516
Reference: URL: http://secunia.com/advisories/36516
Reference: VUPEN:ADV-2009-2475
Reference: URL: http://www.vupen.com/english/advisories/2009/2475

Incomplete blacklist vulnerability in the teximg plugin in ikiwiki before 3.1415926 and 2.x before 2.53.4 allows context-dependent attackers to read arbitrary files via crafted TeX commands.
This affects Fedora 11 and also Fedora 10 (I am suspecting the 2.72 version was a development snapshot of 3.x as the latest 2.x on the site is 2.53.4 and I don't see a 2.72 version anywhere).
ikiwiki-3.1415926-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ikiwiki-3.1415926-1.fc11
ikiwiki-2.72-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/ikiwiki-2.72-2.fc10
ikiwiki-2.72-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
ikiwiki-3.1415926-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.