Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 102378

Summary: dev-php/phpxmlrpc XML-RPC Vulnerabilities round 2
Product: Gentoo Security Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: php-bugs, tomk
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-13 07:36:19 UTC
see bug #102324
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-08-14 22:04:14 UTC
Now instead see bug #102576 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-08-18 09:36:39 UTC
Fixed version is PHPXMLRPC 1.2
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download
Comment 3 Tom Knight (RETIRED) gentoo-dev 2005-08-22 10:15:44 UTC
I'm having a look at this, it's proving to be a bit more difficult as there have
been some undocumented changes.
Comment 4 Tom Knight (RETIRED) gentoo-dev 2005-08-22 11:12:18 UTC
phpxmlrpc-1.2 in cvs, stable on x84 and amd64.
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-22 13:25:27 UTC
sparc stable.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-22 13:28:46 UTC
Stable on ppc
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-22 14:05:27 UTC
All security-important arches in, ready for GLSA.
Comment 8 Bryan Østergaard (RETIRED) gentoo-dev 2005-08-22 15:30:33 UTC
Stable on ia64.
Comment 9 Maik Musall 2005-08-23 08:45:36 UTC
I wasn't able to update to 1.2 unless I manually emerged
app-text/docbook-sgml-utils including all of it's dependencies.

I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on
docbook-sgml-utils?
Comment 10 Tom Knight (RETIRED) gentoo-dev 2005-08-23 09:42:36 UTC
(In reply to comment #9)
> I wasn't able to update to 1.2 unless I manually emerged
> app-text/docbook-sgml-utils including all of it's dependencies.
> 
> I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on
> docbook-sgml-utils?
> 

Yes there was a new dependancy introduced with this version, the package that is
needed is actually app-text/docbook-dsssl-stylesheets (which is one of
docbook-sgml-utils' dependancies). I'll fix this when I get home tonight. 
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-23 10:31:05 UTC
Ok, waiting for the new ebuild
Comment 12 Tom Knight (RETIRED) gentoo-dev 2005-08-23 10:49:47 UTC
phpxmlrpc.1.2-r1 in the tree, sorry for the mess up.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-23 11:14:33 UTC
stable on sparc, again.
fyi, you shouldn't have removed 1.2 and bumped to -r1 since it was just a build
fix, and also you're doing a security regression by removing the old one until
the new one is keyworded.
Comment 14 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-23 11:17:20 UTC
Stable again on ppc.
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-08-24 02:52:18 UTC
GLSA 200508-13
ia64 should mark stable to benefit from GLSA