Summary: | www-apps/phpwiki script upload vulnerability (CVE-2007-{2024,2025}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Pierre-Yves Rofes (RETIRED) <py> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/24888/ | ||
Whiteboard: | B1 [glsa] p-y | ||
Package list: | Runtime testing required: | --- |
Description
Pierre-Yves Rofes (RETIRED)
2007-04-13 13:05:36 UTC
setting status. web-apps, please advise. Hmm no, I was right at first, it's a B1 since ppc had a stable version. sorry for the noise. There is currently no fixed version available from UPSTREAM. I did proceed as suggested by the advisory and automatically remove the UpLoad.php file during the installation. Now there is an updated ebuild phpwiki-1.3.10-r3 that contains this fix. It is still marked unstable for ppc. Please test and mark stable on ppc as soon as possible. I removed two older ebuilds phpwiki-1.3.1{1,2} and added phpwiki-1.3.13_rc1 which will also remove UpLoad.php automatically during install. Please advise people with a phpwiki installation to immeadiately remove their UpLoad.php file. ppc, please test and mark www-apps/phpwiki-1.3.10-r3 stable. ppc stable thanks. ready for glsa. GLSA 200705-16, thanks everybody |