293648 – (CVE-2009-3946) <www-apps/joomla-1.5.15 information disclosure (CVE-2009-3946)

Bug 293648 (CVE-2009-3946) - <www-apps/joomla-1.5.15 information disclosure (CVE-2009-3946)

Summary: <www-apps/joomla-1.5.15 information disclosure (CVE-2009-3946)

Status:	RESOLVED FIXED

Alias:	CVE-2009-3946

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Lowest trivial (vote)
Assignee:	Gentoo Security

URL:	http://developer.joomla.org/security/...
Whiteboard:	~4 [noglsa]
Keywords:

Duplicates (1):	297478 (view as bug list)
Depends on:
Blocks:

Reported:	2009-11-18 19:33 UTC by Stefan Behte (RETIRED)
Modified:	2009-12-25 00:38 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-11-18 19:33:37 UTC

CVE-2009-3946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3946):
  Joomla! before 1.5.15 allows remote attackers to read an extension's
  XML file, and thereby obtain the extension's version number, via a
  direct request.

Comment 1 Christian Faulhammer (RETIRED) gentoo-dev

2009-12-25 00:16:34 UTC

*** Bug 297478 has been marked as a duplicate of this bug. ***

Comment 2 Christian Faulhammer (RETIRED) gentoo-dev

2009-12-25 00:38:21 UTC

Bumped in tree, closing as it is a masked package.

Olivier, if you want, I can be your proxy for the maintenance.  Please email me directly.