Ikiwiki upstream has released v3.20100312 version:
[1] http://ikiwiki.info/security/#index36h2

addressing one security issue (from [1]):

"Ivan Shmakov pointed out that the htmlscrubber allowed data:image/* urls, including data:image/svg+xml. But svg can contain javascript, so that is unsafe. This hole was discovered on 12 March 2010 and fixed the same day with the release of ikiwiki 3.20100312. A fix was also backported to Debian etch, as version 2.53.5. I recommend upgrading to one of these versions if your wiki can be edited by third parties."

References:
[2] http://secunia.com/advisories/38983/

CVE Request:
[3] http://www.openwall.com/lists/oss-security/2010/03/17/10

Credit: Ivan Shmakov
This issue affects the current versions of the ikiwiki package (ikiwiki-3.20100212-1.fc11 and ikiwiki-3.20100212-1.fc12), as shipped with Fedora releases 11 and 12. Please fix.
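The class of check the quoted advisory describes, as an added example (not ikiwiki's code and not part of this report): a URL allowlist that accepts data: URLs only for named raster image types, so data:image/svg+xml is rejected instead of matching a data:image/* wildcard. The function names, the scheme list and the permitted media types are assumptions made for the illustration.

```python
import re

# Assumption: raster image types acceptable in data: URLs; SVG is excluded
# because an SVG document can carry script.
SAFE_DATA_IMAGE_TYPES = {"image/png", "image/jpeg", "image/gif"}
# Assumption: other schemes this hypothetical scrubber lets through.
SAFE_SCHEMES = {"http", "https", "ftp", "mailto"}
URL_ATTRS = {"href", "src"}

_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")
_SCHEME = re.compile(r"([a-z][a-z0-9+.-]*):", re.I)


def is_safe_url(url):
    """Decide whether an already entity-decoded attribute value may be kept."""
    # Browsers drop tabs/newlines in URLs and trim leading whitespace, so
    # remove control characters and spaces before looking at the scheme.
    cleaned = _CTRL_WS.sub("", url)
    match = _SCHEME.match(cleaned)
    if match is None:
        return True  # relative link, no scheme
    scheme = match.group(1).lower()
    if scheme in SAFE_SCHEMES:
        return True
    if scheme != "data":
        return False
    # data:[<mediatype>][;param...][;base64],<payload>
    header, comma, _payload = cleaned[match.end():].partition(",")
    if not comma:
        return False  # malformed data: URL
    # Compare the exact media type; a prefix test on "image/" is the hole.
    media_type = header.split(";", 1)[0].lower()
    return media_type in SAFE_DATA_IMAGE_TYPES


def scrub_attrs(attrs):
    """Return a copy of a tag's attributes without unsafe URL attributes."""
    return {name: value for name, value in attrs.items()
            if name.lower() not in URL_ATTRS or is_safe_url(value)}
```

Because the media type is matched against an allowlist, percent-encoded or mixed-case spellings of the SVG type fail the comparison as well.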
ikiwiki-3.20100312-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/ikiwiki-3.20100312-1.fc12
ikiwiki-3.20100312-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/ikiwiki-3.20100312-1.fc13
ikiwiki-3.20100312-1.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ikiwiki-3.20100312-1.fc11
This is CVE-2010-1195.
ikiwiki-3.20100312-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
ikiwiki-3.20100312-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
ikiwiki-3.20100312-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.