First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 97651
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Thierry Carrez (RETIRED) <koon@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
egroupware.patch egroupware.patch patch Thierry Carrez (RETIRED) 2005-07-04 13:37 0000 1.06 KB Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 97651 depends on: Show dependency tree
Bug 97651 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-07-01 13:26 0000 
According to GulfTech advisory egroupware is also affected.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-07-04 13:21:31 0000 ------- 
egroupware uses a really old version of what has finally become phpxmlrpc (in
phpgwapi/inc/xml_functions.inc.php). Needs a careful backport too :/

------- Comment #2 From Thierry Carrez (RETIRED) 2005-07-04 13:37:14 0000 ------- 
Created an attachment (id=62618) [details]
egroupware.patch

Backported patch from PEAR fix

------- Comment #3 From Thierry Carrez (RETIRED) 2005-07-04 13:49:22 0000 ------- 
web-apps: please bump with patch... and test a little (I didn't)

------- Comment #4 From Stuart Herbert (RETIRED) 2005-07-05 17:08:26 0000 ------- 
Patched and rev-bumped.

Best regards,
Stu

------- Comment #5 From Thierry Carrez (RETIRED) 2005-07-06 01:17:07 0000 ------- 
alpha amd64 ppc x86 : please mark stable, this is a really minor (but needed)
bump that shouldn't break anything.

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-07-06 12:57:31 0000 ------- 
Stable on ppc.

------- Comment #7 From Thierry Carrez (RETIRED) 2005-07-07 09:48:17 0000 ------- 
Arches: please mark stable so that the GLSA on this exploited vuln can go out.

------- Comment #8 From Matthias Geerdsen 2005-07-08 04:27:16 0000 ------- 
stable on alpha, thanks kloeri

amd64/x86/web-apps, pls test and mark stable

------- Comment #9 From Renat Lumpau 2005-07-09 07:26:53 0000 ------- 
Stuart - why is the epatch line in the ebuild commented out?

#   epatch ${FILESDIR}/${PN}-1.0.0.007-xmlrpc.patch

------- Comment #10 From Matthias Geerdsen 2005-07-09 07:37:36 0000 ------- 
back to ebuild status, until the issue in comment #9 is fixed

------- Comment #11 From Renat Lumpau 2005-07-09 19:02:06 0000 ------- 
Upstream released a new version. 1.0.0.008 in Portage, marked stable on x86.

------- Comment #12 From Stefan Cornelius (RETIRED) 2005-07-09 19:10:28 0000 ------- 
Recalling alpha and ppc. Arches, please test 1.0.0.008 and mark stable. Note
that this one is late and it's already being exploited + blocks another GLSA, so
don't wait too long. Thanks everbody!

------- Comment #13 From Stefan Cornelius (RETIRED) 2005-07-09 21:37:32 0000 ------- 
alpha, ppc, x86: i just noticed that you are already marked stable, sorry to
annoy you :( only amd64 left to go.

------- Comment #14 From Danny van Dyk (RETIRED) 2005-07-10 12:02:39 0000 ------- 
Sorry for the delay Stefan. amd64 is stable now.

------- Comment #15 From Danny van Dyk (RETIRED) 2005-07-10 12:03:10 0000 ------- 
Should remove us from CC as well :-)

------- Comment #16 From Stefan Cornelius (RETIRED) 2005-07-10 12:05:48 0000 ------- 
Ready for GLSA

------- Comment #17 From Matthias Geerdsen 2005-07-10 12:35:32 0000 ------- 
GLSA 200507-08

thanks everyone
First Last Prev Next    No search results available      Search page      Enter new bug