Bug 402269 (CVE-2012-0835) - <www-apps/joomla-3.3.3: Multiple vulnerabilities (CVE-2012-{0835,0836,0837})
Status: RESOLVED FIXED
Alias: CVE-2012-0835
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/47847/
Whiteboard: ~4 [noglsa]
Reported: 2012-02-05 18:08 UTC by Viorel Tabara
Modified: 2014-09-04 10:38 UTC
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-02-05 21:02:48 UTC
Thanks for the bug, Viorel. Please include a little information about the vulnerabilities when opening bugs. Thanks.
Comment 2 Viorel Tabara 2012-02-05 22:07:06 UTC
This came in on oss-security@lists.openwall.com and is also referenced at 
http://secunia.com/advisories/47847/.


http://developer.joomla.org/security/news/387-20120201-core-information-disclosure.html

Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 1.7.5 or 2.5.1 or higher


=====


http://developer.joomla.org/security/news/388-20120202-core-information-disclosure.html

Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.

Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher


=====


http://developer.joomla.org/security/news/389-20120203-core-information-disclosure.html

Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-17 01:02:12 UTC
Can we get the hardmasked 1.7 bumped, please? Just to be safe.
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 18:37:59 UTC
This package is currently masked for removal

# William Hubbs <williamh@gentoo.org> (05 Aug 2014)
# Masked by QA for removal in 30 days.
# The unmasked version is very old, there are multiple open security
# bugs and several version bumps. The package appears to be abandoned.
# This will be removed on 5 Sep 2014 unless someone takes over
# maintenance and brings it up to date.
# See bug #518886
www-apps/joomla
Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-09-04 10:38:43 UTC
Version bumped to 3.3.3 and vulnerable versions are dropped, cf. bug #518886 and bug #410969

Closing noglsa.