PEAR-PhpDocumentor bundles smarty, which is affected by CVE-2008-1066. Upstream-Bug filed: http://pear.php.net/bugs/bug.php?id=13351
Reading the Fedora ChangeLog: * Fri Mar 21 2008 Konstantin Ryabitsev <icon fedoraproject org> - 1.4.1-2 - Use system php-Smarty. Do we / can we use the system smarty?
(In reply to comment #1) > Do we / can we use the system smarty? No, we don't. I couldn't find the relevant src.rpm anywhere and really don't intend on patching this myself, esp. considering that this bundles 2.6.0 while 2.6.19 is the current stable on Gentoo.
Google gives this: http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94 Seems easy enough. Fixed in 1.4.3-r1.
(In reply to comment #3) > Google gives this: > http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94 > > Seems easy enough. Fixed in 1.4.3-r1. > Thank you, Matti. Can we stabilize PEAR-PhpDocumentor-1.4.3-r1?
(In reply to comment #4) > (In reply to comment #3) > > Google gives this: > > http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94 > > > > Seems easy enough. Fixed in 1.4.3-r1. > > > > Thank you, Matti. Can we stabilize PEAR-PhpDocumentor-1.4.3-r1? > Please do.
Thank you. Arches, please test and stabilize =dev-php/PEAR-PhpDocumentor-1.4.3-r1
ppc/ppc64 stable
x86 stable
amd64 ok
amd64 done. Thanks Agostino
Stable for HPPA.
alpha/ia64/sparc stable
GLSA request filed.
This issue was resolved and addressed in GLSA 201111-04 at http://security.gentoo.org/glsa/glsa-201111-04.xml by GLSA coordinator Tim Sammut (underling).