Bug 358609 - www-apps/joomla: multiple vulnerabilities in 1.6.0
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/43658/
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-12 20:28 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-03-22 22:27 UTC

See Also:
Package list:
Runtime testing required: ---


Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-12 20:28:49 UTC
Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose sensitive information, conduct cross-site scripting and request forgery, and SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being used. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This can further be exploited to disclose the installation path via SQL error messages.

2) Certain unhandled exceptions can be exploited to disclose the full installation path.

3) Certain double URL-encoded input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

5) An error in the checking of access permissions can be exploited to disclose certain information.

6) Certain unspecified input is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary site e.g. when the user clicks a specially crafted link to the affected script hosted on a trusted domain.

7) Certain unspecified input is not properly sanitised before being used. This can be exploited to disclose potentially sensitive information.

8) An error in the handling of access permissions can be exploited to edit otherwise restricted files.

9) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to perform certain unspecified actions within the application by tricking a user into visiting a malicious web site while being logged in to the application.

10) An error within the editor caching facility can be exploited to use all available disk space.

The vulnerabilities are reported in versions prior to 1.6.1.
Comment 1 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-03-12 20:30:49 UTC
Maintainers, please make sure the ebuild for joomla-1.6.1 is not hard masked and has at least the same keywords the previous ~arch ebuild has.
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2011-03-13 10:55:31 UTC
The hard mask will not be reverted as 1.6 is a major rewrite, and an upgrade is not so easily done. Apart from this, the Secunia advisory is a bit misleading as 1.6.0 is the only affected version, not anything below that; see the original Joomla! advisories. From the Joomla! FAQ:

Question: how long will Joomla 1.5 and 1.6 be supported?
Joomla 1.5 is branded a Long Term Support Release (LTS) and will have support until the beginning of April 2012. Joomla 1.6 is a standard support release, and will be supported until August 2011. Joomla 1.7 should be released in July 2011. More about the development strategy can be found here: http://developer.joomla.org/strategy.html.

Additional KEYWORDS added.
Comment 3 Tim Sammut (RETIRED) gentoo-dev 2011-03-22 22:27:53 UTC
I've been through the Joomla advisories, most easily found at http://www.joomla.org/announcements/release-news/5350-joomla-161-released.html, and agree it looks like this only affected 1.6.0, which was never in the tree. 

http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-apps/joomla/?hideattic=0

Therefore, I do not think we have anything to do here; please reopen if you disagree. Thanks, everyone.