Bug 128992 - www-apps/coppermine-1.4.3 file inclusion vulnerabilities (CAN-2006-0872, CAN-2006-0873)
Summary: www-apps/coppermine-1.4.3 file inclusion vulnerabilities (CAN-2006-0872, CAN-...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/18941/ ...
Whiteboard: ~1 [noglsa] DerCorny
Reported: 2006-04-05 22:04 UTC by Weedy
Modified: 2006-04-24 09:36 UTC

Attachments
coppermine-1.4.4.ebuild (coppermine-1.4.4.ebuild,1.17 KB, text/plain)
2006-04-05 22:06 UTC, Weedy

Description Weedy 2006-04-05 22:04:42 UTC
+++ This bug was initially created as a clone of Bug #116562 +++

Here's an ebuild for the latest stable coppermine package (coppermine-1.4.4). It's identical to the coppermine-1.4.3.ebuild ebuild, which is already in the tree.

After successfully installing the ebuild and testing the package, I found the following on the coppermine.sf.net website:

Maintenance release cpg1.4.4 fixes security issues - Update NOW!
+ 26 February 2006

To fix the vulnerability that has been discovered recently in cpg1.4.x, upgrade to the most recent version cpg1.4.4!

Patch for Coppermine 1.4.x remote code execution
+ 21 February 2006

A security vulnerability has been discovered in cpg1.4.x - to protect your site, you need to apply the supplied fix!

Thanks!

Ps. don't know why this wasn't added sooner, seems like a nasty bug
Comment 1 Weedy 2006-04-05 22:06:22 UTC
Created attachment 84051
coppermine-1.4.4.ebuild
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-06 03:32:43 UTC
ok, i guess you know the deal, thanks :)
Comment 3 Weedy 2006-04-06 06:05:31 UTC
i liked my title better >.>
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2006-04-22 03:36:14 UTC
You should bump directly to 1.4.5 to also solve bug 130277
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2006-04-24 09:36:51 UTC
coppermine 1.4.5 is in the tree. Closing.