Summary: | dev-php/PEAR-MDB2 < 2.5.0_alpha1 - dangerous coding in blob url handling (CVE-2007-5934) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jakub Moc (RETIRED) <jakub> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | php-bugs |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://pear.php.net/bugs/bug.php?id=10024 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Jakub Moc (RETIRED)
2007-11-08 11:36:17 UTC
InCVS now; and since the current stable deps won't work w/ the new dev-php/PEAR-MDB2... Target keywords: alpha amd64 hppa ia64 ppc ppc64 sparc x86 dev-php/PEAR-MDB2-2.5.0_alpha1 dev-php/PEAR-MDB2_Driver_mssql-1.3.0_alpha1 dev-php/PEAR-MDB2_Driver_mysql-1.5.0_alpha1 dev-php/PEAR-MDB2_Driver_mysqli-1.5.0_alpha1 dev-php/PEAR-MDB2_Driver_pgsql-1.5.0_alpha1 dev-php/PEAR-MDB2_Driver_sqlite-1.5.0_alpha1 Target keywords: amd64 x86 dev-php/PEAR-MDB2_Driver_oci8-1.5.0_alpha1 Enjoy! ;) Thanks, Jakub. ppc64 stable alpha/ia64/sparc/x86 stable Stable for HPPA. amd64 stable ppc stable It's information leak, but leaking the whole /etc/passwd is not nice, so voting yes. voting YES too, request filed. GLSA 200712-05 Does not affect current (2008.0) release. Removing release. |