386267 – (CVE-2011-3729) www-apps/dotproject: information disclosure vulnerability (CVE-2011-3729)

Bug 386267 (CVE-2011-3729) - www-apps/dotproject: information disclosure vulnerability (CVE-2011-3729)

Summary: www-apps/dotproject: information disclosure vulnerability (CVE-2011-3729)

Status:	RESOLVED FIXED

Alias:	CVE-2011-3729

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial
Assignee:	Gentoo Security

URL:
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-08 12:50 UTC by GLSAMaker/CVETool Bot
Modified:	2013-10-17 08:05 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2011-10-08 12:50:21 UTC

CVE-2011-3729 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3729):
  dotproject 2.1.4 allows remote attackers to obtain sensitive information via
  a direct request to a .php file, which reveals the installation path in an
  error message, as demonstrated by style/dp-grey-theme/footer.php and certain
  other files.

Comment 1 Jean-Noël Rivasseau (RETIRED) gentoo-dev

2013-01-03 09:53:40 UTC

App was bumped to 2.1.7 today. I imagine it contains the fix.

Comment 2 Sergey Popov (RETIRED) gentoo-dev

2013-10-17 08:05:35 UTC

New version is in tree, old versions cleaned up, package has no stable versions - closing noglsa