Bug 137875 - www-apps/phpsysinfo-2.5.1-r2 should be marked stable as it includes a security fix
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://sourceforge.net/project/showno...
Whiteboard: B4 [noglsa]
Reported: 2006-06-24 13:09 UTC by Petteri Räty (RETIRED)
Modified: 2006-07-05 09:09 UTC
Description Petteri Räty (RETIRED) gentoo-dev 2006-06-24 13:09:12 UTC
2005-12-06 05:00  bigmichi1     Michael Cramer (bigmichi1 at users.sf.net)

        * index.php: security fix

Plus the usual month is up. web-apps please advise.
Comment 1 Markus Rothe (RETIRED) gentoo-dev 2006-06-24 13:22:15 UTC
stable on ppc64
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2006-06-25 00:43:28 UTC
ppc stable
Comment 3 Petteri Räty (RETIRED) gentoo-dev 2006-06-25 02:47:38 UTC
stable on x86
Comment 4 Marcus D. Hanwell (RETIRED) gentoo-dev 2006-06-25 03:38:17 UTC
Stable on amd64.
Comment 5 Guy Martin (RETIRED) gentoo-dev 2006-06-25 07:06:03 UTC
Stable on hppa.
Comment 6 Jason Wever (RETIRED) gentoo-dev 2006-06-25 15:45:24 UTC
SPARC Stable
Comment 7 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-06-27 06:00:58 UTC
alpha done. 
Security this is ready for you.
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-06-27 07:57:21 UTC
Thank you guys,

we don't know anything about the vulnerability, and furthermore this is really old.
I suggest closing without glsa.
Feel free to reopen if you have elements justifying a call to a vote.
Comment 9 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-07-05 09:09:52 UTC
(In reply to comment #8)
> Thank you guys,
> 
> we don't know anything about the vulnerability,

Some news:

SA 20939

Description:
Micheal Turner has discovered a weakness in phpSysInfo, which can be exploited by malicious people to detect files on the server.

The weakness is caused by an error message returning information about whether or not a file exists. This can be exploited by providing a filename with a directory traversal character sequence to the "lng" parameter in index.php.

The weakness has been confirmed in version 2.5.1. Other versions may also be affected.

Solution:
Filter malicious characters or character sequences with a web proxy.

Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Micheal Turner
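
The "Solution" in the advisory quoted above (filter at a web proxy, sanitise the input), as an added example that is not part of the bug report or of phpSysInfo's code: a Python check that a filtering proxy could apply to the "lng" parameter of index.php. The allowed-token pattern, the function names and the sample URLs are assumptions constructed for illustration; the page does not list the language names phpSysInfo accepts.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: a language name is a short token of letters, digits, "_" or "-".
# Anything else (dots, slashes, "%", NUL bytes) is refused outright, so the
# request never reaches the code path whose error message differs by file.
SAFE_LNG = re.compile(r"[A-Za-z0-9_-]{1,16}")


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is seen in clear."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def lng_verdict(url):
    """Return 'allow' or 'block' for a request URL aimed at index.php."""
    query = urlsplit(url).query
    # parse_qs decodes once and returns every occurrence of the parameter,
    # so a benign first value cannot hide a second, malformed one.
    for raw in parse_qs(query).get("lng", []):
        if not SAFE_LNG.fullmatch(fully_decode(raw)):
            return "block"
    return "allow"


# Constructed sample requests (not taken from the advisory or the bug).
SAMPLES = [
    "/phpsysinfo/index.php?lng=en",
    "/phpsysinfo/index.php?template=classic&lng=pt-br",
    "/phpsysinfo/index.php?lng=../x",
    "/phpsysinfo/index.php?lng=%252e%252e%252fx",
    "/phpsysinfo/index.php?lng=en&lng=..%2Fx",
    "/phpsysinfo/index.php?lng=en%00",
]


def classify_samples():
    """Map each constructed sample URL to its verdict."""
    return {url: lng_verdict(url) for url in SAMPLES}


if __name__ == "__main__":
    for url, verdict in classify_samples().items():
        print(f"{verdict:5}  {url}")
```

The same allowlist belongs in the application as well: mapping "lng" to a fixed set of known language files and returning one generic error for anything else removes the exists/does-not-exist difference the advisory describes.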