
Bug 246603

Summary: www-apps/joomla < 1.5.8: XSS
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://developer.joomla.org/security/news/283-20081101-core-comcontent-xss-vulnerability.html
Whiteboard: ~4 [ebuild]
Package list:
Runtime testing required: ---

Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-13 14:07:24 UTC
Not sure whether ~ is appropriate here, but a package which has already been masked for security reasons is probably considered even less important than an ~arch only package.

Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-13 15:58:32 UTC
Also:

Name:      CVE-2008-5053
URL:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5053
Published: 2008-11-13
Severity:
Description:

PHP remote file inclusion vulnerability in admin.rssreader.php in the
Simple RSS Reader (com_rssreader) 1.0 component for Joomla! allows
remote attackers to execute arbitrary PHP code via a URL in the
mosConfig_live_site parameter.

Comment 3 Gunnar Wrobel (RETIRED) gentoo-dev 2008-11-14 20:17:51 UTC
Added www-apps/joomla-1.5.8, removed www-apps/joomla-1.5.7.
webapps done.

Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-15 21:22:51 UTC
Thanks, closing then.