Summary: | dev-php/phpxmlrpc XML-RPC Vulnerabilities round 2 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | php-bugs, tomk |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-08-13 07:36:19 UTC
Now instead see bug #102576 Fixed version is PHPXMLRPC 1.2 http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download I'm having a look at this, it's proving to be a bit more difficult as there have been some undocumented changes. phpxmlrpc-1.2 in cvs, stable on x84 and amd64. sparc stable. Stable on ppc All security-important arches in, ready for GLSA. Stable on ia64. I wasn't able to update to 1.2 unless I manually emerged app-text/docbook-sgml-utils including all of it's dependencies. I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on docbook-sgml-utils? (In reply to comment #9) > I wasn't able to update to 1.2 unless I manually emerged > app-text/docbook-sgml-utils including all of it's dependencies. > > I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on > docbook-sgml-utils? > Yes there was a new dependancy introduced with this version, the package that is needed is actually app-text/docbook-dsssl-stylesheets (which is one of docbook-sgml-utils' dependancies). I'll fix this when I get home tonight. Ok, waiting for the new ebuild phpxmlrpc.1.2-r1 in the tree, sorry for the mess up. stable on sparc, again. fyi, you shouldn't have removed 1.2 and bumped to -r1 since it was just a build fix, and also you're doing a security regression by removing the old one until the new one is keyworded. Stable again on ppc. GLSA 200508-13 ia64 should mark stable to benefit from GLSA |