I know joomla is security-masked, but as long as we keep the ebuilds, we should take care of security bugs anyway. From 1.5.4-changelog: * LDAP security fix to prevent unauthorized access to administration * Added security to file caching to prevent unauthorized access to cached pages * User Redirect Spam fix * htaccess global variable security fix when SEF is enabled (See .htaccess Security Fix)
thanks Hanno web-apps, please provide an updated ebuild
CVE-2008-3225 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3225): Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix." CVE-2008-3226 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3226): The file caching implementation in Joomla! before 1.5.4 allows attackers to access cached pages via unknown attack vectors. CVE-2008-3227 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3227): Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact and attack vectors related to a "User Redirect Spam fix," possibly an open redirect vulnerability. CVE-2008-3228 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3228): Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors.
Bumped to 1.5.5. Removed 1.5.3. webapps done.
thanks, closing without glsa.
