Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 181339
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Lars Hartmann <lars@chaotika.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 181339 depends on: 181529 Show dependency tree
Bug 181339 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-06-08 18:41 0000 
Description:
Some vulnerabilities with unknown impacts have been reported in eGroupWare.

The vulnerabilities are caused due to unknown errors in the wz_tooltips and
ADOdb libraries. No further information is currently available.

The vulnerabilities are reported in version 1.2.106-2. Other versions may also
be affected.

Solution:
Update to version 1.2.107-2 or 1.4.001.

Provided and/or discovered by:
Janosch Machowinski

Reproducible: Always

------- Comment #1 From Lars Hartmann 2007-06-08 18:42:41 0000 ------- 
maintainers - please advice and bump as necessary

------- Comment #2 From Renat Lumpau 2007-06-10 01:11:50 0000 ------- 
1.4.001 in the tree

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-06-10 07:54:59 0000 ------- 
Arches please test and mark stable. Target keywords are:

egroupware-1.4.001.ebuild:KEYWORDS="alpha amd64 hppa ppc ~sparc x86"

------- Comment #4 From Jeroen Roovers 2007-06-10 14:52:49 0000 ------- 
I edited the reference to files/postinstall-en-1.2.txt in the ebuild so that
the install doesn't fail (and committed the change to CVS) but I now find this
in [Check installation] on the site:

PEAR::Net_Socket is needed by: FeLaMiMail. PEAR (pear.php.net) is a PHP
repository and is usually in a package called php-pear.

However:

# qlop -lu PEAR-Net_Socket www-apps/egroupware-1.4
Sun Dec  3 23:38:02 2006 >>> dev-php/PEAR-Net_Socket-1.0.6-r1
Sun Jun 10 16:39:33 2007 >>> www-apps/egroupware-1.4.001
Sun Jun 10 16:46:56 2007 >>> dev-php/PEAR-Net_Socket-1.0.6-r1

http://pear.php.net/package/Net_Socket suggests there's a 1.0.8 with 1.0.6
being the latest in the tree. But maybe that doesn't solve the issue. I am just
passing on the information as I find it.

------- Comment #5 From Jeroen Roovers 2007-06-10 14:56:15 0000 ------- 
(In reply to comment #4)
> PEAR::Net_Socket is needed by: FeLaMiMail. PEAR (pear.php.net) is a PHP
> repository and is usually in a package called php-pear.

That's incomplete, sorry. The full error message is:

Checking PEAR::Net_Socket is installed: False
PEAR::Net_Socket is needed by: FeLaMiMail. PEAR (pear.php.net) is a PHP
repository and is usually in a package called php-pear.

------- Comment #6 From Jeroen Roovers 2007-06-10 15:27:53 0000 ------- 
(In reply to comment #5)
> Checking PEAR::Net_Socket is installed: False
> PEAR::Net_Socket is needed by: FeLaMiMail. PEAR (pear.php.net) is a PHP
> repository and is usually in a package called php-pear.

This problem seems to have fixed itself. Stable for HPPA. This problem sticks:

  IUSE.invalid                   1
   www-apps/egroupware/egroupware-1.4.001.ebuild: ical

------- Comment #7 From Jeroen Roovers 2007-06-10 15:28:05 0000 ------- 
(In reply to comment #5)
> Checking PEAR::Net_Socket is installed: False
> PEAR::Net_Socket is needed by: FeLaMiMail. PEAR (pear.php.net) is a PHP
> repository and is usually in a package called php-pear.

This problem seems to have fixed itself. Stable for HPPA. This problem sticks:

  IUSE.invalid                   1
   www-apps/egroupware/egroupware-1.4.001.ebuild: ical

------- Comment #8 From Raúl Porcel 2007-06-10 20:22:45 0000 ------- 
It doesn't depend on php either

alpha/x86 stable

------- Comment #9 From Tobias Scherbaum 2007-06-13 19:10:28 0000 ------- 
ppc stable

------- Comment #10 From Lars Hartmann 2007-06-19 16:55:24 0000 ------- 
amd64 - please advice

------- Comment #11 From Christoph Mende 2007-06-22 13:38:35 0000 ------- 
amd64 stable

------- Comment #12 From Lars Hartmann 2007-06-23 06:32:32 0000 ------- 
this here is ready for glsa decision

------- Comment #13 From Sune Kloppenborg Jeppesen 2007-06-23 17:55:56 0000 ------- 
I tend to vote NO.

------- Comment #14 From Raphael Marichez 2007-06-25 17:06:46 0000 ------- 
Unspecified vulnerabilities with unknown impacts due to unknown errors

--> i vote no too. Feel freee to reopen if you disagree.
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug