from $url Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. Publish Date : 2017-01-23 Last Update Date : 2017-01-26 http://www.cvedetails.com/cve/CVE-2016-9081/
References For CVE-2016-9081 https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html CONFIRM http://www.securityfocus.com/bid/93969 BID 93969 Joomla! Core CVE-2016-9081 Security Bypass Vulnerability Release Date:2016-11-04
I am the maintainer. I have added www-apps/joomla-3.6.5-ebuild to my overlay, hnaparst and verified that it works. I would ask proxy-maint to add this to the main gentoo repository if they find it acceptable.
OK. Please post the URL to the PR once you have created one.
What is PR an abbreviation for?
Proxy maintainers can grab whatever they want from here: https://github.com/hnaparst/overlay/tree/master/www-apps/joomla This overlay is also listed in layman as hnaparst.
PR = Pull Request. Can you please create a PR against Gentoo's GitHub mirror? Otherwise, please create a patch and attach to this bug.
Created attachment 467474 [details] joomla-3.6.5.ebuild
https://github.com/gentoo/gentoo/pull/4243
# Thomas Deutschmann <whissi@gentoo.org> (17 May 2017) # Multiple unpatched security vulnerabilities (see bug #603756, #610696, #612650 ...) # Removal in 30 days. www-apps/joomla
commit fe7d7445faf698a716e9f542fdc18b771fa42b6a Author: Michał Górny <mgorny@gentoo.org> AuthorDate: Sat Jun 17 10:29:26 2017 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: Sat Jun 17 10:39:58 2017 www-apps/joomla: Remove last-rited pkg
