Summary: | <dev-php/PEAR-PhpDocumentor-1.4.3-r1: bundled smarty lib vulnerable (CVE-2008-1066) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | php-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 212147 | | |
Bug Blocks: | | | |

Description
Hanno Böck
2008-03-13 23:13:44 UTC
Reading the Fedora ChangeLog:

* Fri Mar 21 2008 Konstantin Ryabitsev <icon fedoraproject org> - 1.4.1-2
- Use system php-Smarty.

Do we / can we use the system smarty?

(In reply to comment #1)
> Do we / can we use the system smarty?

No, we don't. I couldn't find the relevant src.rpm anywhere and really don't intend on patching this myself, esp. considering that this bundles 2.6.0 while 2.6.19 is the current stable on Gentoo.

Google gives this:
http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94

Seems easy enough. Fixed in 1.4.3-r1.

(In reply to comment #3)
> Google gives this:
> http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94
>
> Seems easy enough. Fixed in 1.4.3-r1.
>

Thank you, Matti. Can we stabilize PEAR-PhpDocumentor-1.4.3-r1?

(In reply to comment #4)
> (In reply to comment #3)
> > Google gives this:
> > http://pkgs.fedoraproject.org/gitweb/?p=php-pear-PhpDocumentor.git;a=commitdiff;h=63f319e403332dc1c9bc78bb31e22355ea9efb94
> >
> > Seems easy enough. Fixed in 1.4.3-r1.
> >
>
> Thank you, Matti. Can we stabilize PEAR-PhpDocumentor-1.4.3-r1?
>

Please do. Thank you.

Arches, please test and stabilize =dev-php/PEAR-PhpDocumentor-1.4.3-r1

ppc/ppc64 stable

x86 stable

amd64 ok

amd64 done. Thanks Agostino

Stable for HPPA.

alpha/ia64/sparc stable

GLSA request filed.

This issue was resolved and addressed in GLSA 201111-04 at http://security.gentoo.org/glsa/glsa-201111-04.xml by GLSA coordinator Tim Sammut (underling).