FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- insufficient blacklisting in teximg plugin

Affected packages
ikiwiki < 3.1415926

Details

VuXML ID 6e8f54af-a07d-11de-a649-000c2955660f
Discovery 2009-08-28
Entry 2009-09-13

The IkiWiki development team reports:

IkiWiki's teximg plugin's blacklisting of insecure TeX commands is insufficient; it can be bypassed and used to read arbitrary files.

References

CVE Name CVE-2009-2944
URL http://ikiwiki.info/security/#index35h2