618780 – (CVE-2017-8917) www-apps/joomla: SQL injection

Bug 618780 (CVE-2017-8917) - www-apps/joomla: SQL injection

Summary: www-apps/joomla: SQL injection

Status:	RESOLVED WONTFIX

Alias:	CVE-2017-8917

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:	https://developer.joomla.org/security...
Whiteboard:	~1 [ebuild+/cve]
Keywords:	PMASKED

Depends on:
Blocks:

Reported:	2017-05-17 16:46 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-06-17 08:41 UTC (History)
CC List:	4 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-17 16:46:30 UTC

Reported Date: 2017-May-11
Fixed Date: 2017-May-17
CVE Number: CVE-2017-8917

Description:
============
Inadequate filtering of request data leads to a SQL Injection vulnerability.


Affected Installs
=================
Joomla! CMS versions 3.7.0


Solution
========
Upgrade to version 3.7.1

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-05-17 18:43:17 UTC

# Thomas Deutschmann <whissi@gentoo.org> (17 May 2017)
# Multiple unpatched security vulnerabilities (see bug #603756, #610696, #612650 ...)
# Removal in 30 days.
www-apps/joomla

Comment 2 Michał Górny archtester

2017-06-17 08:41:12 UTC

commit fe7d7445faf698a716e9f542fdc18b771fa42b6a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Sat Jun 17 10:29:26 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Sat Jun 17 10:39:58 2017

    www-apps/joomla: Remove last-rited pkg