Bug 616784 (CVE-2017-7983, CVE-2017-7984, CVE-2017-7985, CVE-2017-7986, CVE-2017-7987, CVE-2017-7988, CVE-2017-7989, CVE-2017-8057) - www-apps/joomla: Multiple vulnerabilities
Summary: www-apps/joomla: Multiple vulnerabilities
Status: RESOLVED WONTFIX
Alias: CVE-2017-7983, CVE-2017-7984, CVE-2017-7985, CVE-2017-7986, CVE-2017-7987, CVE-2017-7988, CVE-2017-7989, CVE-2017-8057
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [ebuild+ cve]
Keywords: PMASKED
 
Reported: 2017-04-27 18:56 UTC by GLSAMaker/CVETool Bot
Modified: 2017-06-17 08:41 UTC



Description GLSAMaker/CVETool Bot gentoo-dev 2017-04-27 18:56:28 UTC
CVE-2017-8057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8057):
  In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full
  path disclosures on systems with enabled error reporting.

CVE-2017-7989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7989):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks
  allowed low-privilege users to upload swf files even if they were explicitly
  forbidden.

CVE-2017-7988 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7988):
  In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  form contents allows overwriting the author of an article.

CVE-2017-7987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7987):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file
  and folder names leads to XSS vulnerabilities in the template manager
  component.

CVE-2017-7986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7986):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  specific HTML attributes leads to XSS vulnerabilities in various components.

CVE-2017-7985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7985):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  multibyte characters leads to XSS vulnerabilities in various components.

CVE-2017-7984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7984):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads
  to XSS in the template manager component.

CVE-2017-7983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7983):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail
  API leaked the used PHPMailer version in the mail headers.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-17 18:42:35 UTC
# Thomas Deutschmann <whissi@gentoo.org> (17 May 2017)
# Multiple unpatched security vulnerabilities (see bug #603756, #610696, #612650 ...)
# Removal in 30 days.
www-apps/joomla
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-06-17 08:41:11 UTC
commit fe7d7445faf698a716e9f542fdc18b771fa42b6a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Sat Jun 17 10:29:26 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Sat Jun 17 10:39:58 2017

    www-apps/joomla: Remove last-rited pkg