Summary: | www-apps/phpwiki < 1.3.14 Empty LDAP Passwords Authentication Bypass (CVE-2007-3193) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | | |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://secunia.com/advisories/25595/ | | |
Whiteboard: | B3 [glsa] p-y | | |
Package list: | | Runtime testing required: | --- |
Description
Lars Hartmann
2007-06-11 20:41:51 UTC
maintainers - please advise and bump as necessary

maintainers - please advise

maintainers - please advise

maintainers - please advise

web-apps, there's version 1.3.13_rc1 in the tree, is it the same as upstream version 1.3.13p1? And if not, does it still fix this issue?

Sorry for the delay again. I checked in 1.3.13_rc1 and removed the problematic UpLoad.php. So 1.3.13_r1 should be without the issue. Today I also checked in 1.3.14 and verified that the code in UpLoad.php has been fixed. My preference would be to stabilize 1.3.14 and remove all older ebuilds.

Well, I confused this with bug #174451. But the security issue mentioned here has also been fixed in 1.3.14.

Thanks Gunnar. fixing severity since some arches were stable. Arches (or should I say ppc :) please test and mark stable www-apps/phpwiki-1.3.14. Target keywords are: "ppc ~sparc ~x86 ~amd64"

ppc stable, ready for glsa voting. I tend to vote YES.

I vote YES

I tend to vote NO.

web-apps no longer needed here :) I'll vote yes - adding request.

CVE-2007-3193

it's GLSA 200709-10, sorry for the delay.