Bug 246603 - www-apps/joomla < 1.5.8: XSS
Summary: www-apps/joomla < 1.5.8: XSS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://developer.joomla.org/security/...
Whiteboard: ~4 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-13 11:58 UTC by Hanno Böck
Modified: 2008-11-15 21:22 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-13 14:07:24 UTC
Not sure whether ~ is appropriate here, but a package which has already been masked for security reasons is probably considered even less important than an ~arch only package.
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-13 15:58:32 UTC
Also:

Name:      CVE-2008-5053
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5053
Published: 2008-11-13
Severity:
Description:

PHP remote file inclusion vulnerability in admin.rssreader.php in the
Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows
remote attackers to execute arbitrary PHP code via a URL in the
mosConfig_live_site parameter.

Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2008-11-14 20:17:51 UTC
Added www-apps/joomla-1.5.8, removed www-apps/joomla-1.5.7.
webapps done.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-15 21:22:51 UTC
Thanks, closing then.