149672 – www-apps/phprojekt-5.1.x: remote code inclusion

Bug 149672 - www-apps/phprojekt-5.1.x: remote code inclusion

Summary: www-apps/phprojekt-5.1.x: remote code inclusion

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.phprojekt.com/modules.php?...
Whiteboard:	~1 [noglsa] vorlon
Keywords:

Depends on:
Blocks:

Reported:	2006-09-30 17:45 UTC by Matthias Geerdsen (RETIRED)
Modified:	2006-10-04 02:13 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthias Geerdsen (RETIRED) gentoo-dev

2006-09-30 17:45:46 UTC

advisory: 
http://www.hardened-php.net/advisory_062006.129.html

from the phprojekt website:

Stefan Esser from the hardened-php project, our long-term helping hand for PHProjekt security audit, has reported us exploits for remote code inclusion. To fix this and improve the security, we changed all variables in require and include functions to constants.

The new version 5.1.2 is ready for download. We strongly recommend to update your PHProjekt 5.1 installation.

Only the releases from PHProjekt 5.1.x are concerned, but not the 5.0 version or before.

Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev

2006-09-30 17:49:14 UTC

web-apps, pls provide an updated ebuild 

the affected version is not marked stable, so no GLSA will be published

Comment 2 Renat Lumpau (RETIRED) gentoo-dev

2006-10-03 21:00:18 UTC

in CVS

Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev

2006-10-04 02:13:29 UTC

thanks Renat

closing without GLSA since this is ~arch