phpwiki includes an affected XMLRPC PHP library and should be patched.
Ccing stuart. Feel free to open this bug as soon as you think it's public enough.
We might have to patch this one before upstream does...
Now officially affected after latest Gulftech thing.
Same thing as for tikiwki. It includes some old version of phpxmlrpc code (some intermediary version), so the fix must be backported by some PHP-aware folk (note that maybe copying the xmlrpc.inc and xmlrpcs.inc over is sufficient ?).
Created attachment 62620 [details, diff] phpwiki.patch Backported patch from PEAR fix
web-apps: please bump with patch... and test a little (I didn't)
Looking at this one now ...
phpwiki-1.2.4 is unaffected. phpwiki-1.3.10-r1 is now in the tree, and includes the patch. There's no stabilisation needed; phpwiki-1.3.10's keywords were ~ppc ~sparc ~x86. Best regards, Stu
Thanks everyone, Stable version was unaffected. No GLSA published.