Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 293648 (CVE-2009-3946)

Summary: <www-apps/joomla-1.5.15 information disclosure (CVE-2009-3946)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: fauli, oli.huber, web-apps
Priority: Lowest    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://developer.joomla.org/security/news/306-20091103-core-xml-file-read-issue.html
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:33:37 UTC 
CVE-2009-3946 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3946):
  Joomla! before 1.5.15 allows remote attackers to read an extension's
  XML file, and thereby obtain the extension's version number, via a
  direct request.
Comment 1 Christian Faulhammer (RETIRED) gentoo-dev 2009-12-25 00:16:34 UTC 
*** Bug 297478 has been marked as a duplicate of this bug. ***
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2009-12-25 00:38:21 UTC 
Bumped in tree, closing as it is a masked package.

Olivier, if you want, I can be your proxy for the maintenance.  Please email me directly.