| Summary: | <dev-php5/pecl-apc-3.1.4: XSS (CVE-2010-3294) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | kissifrot, php-bugs, Sergiy.Borodych, toto, xmw |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://pecl.php.net/package-changelog.php?package=APC&release=3.1.4 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 336869 | | |
| Bug Blocks: | | | |

Description
Hanno Böck
2010-09-14 00:32:23 UTC
>>> Compiling source in /var/tmp/portage/dev-php5/pecl-apc-3.1.4/work/APC-3.1.4 ...
* Disabling apc-mmap
*
* Using dev-lang/php-5.2.14
*
*
* Using dev-lang/php-5.2.14
*
*
* Using dev-lang/php-5.2.14
*
* QA Notice: econf called in src_compile instead of src_configure
* econf: updating APC-3.1.4/config.sub with /usr/share/gnuconfig/config.sub
* econf: updating APC-3.1.4/config.guess with /usr/share/gnuconfig/config.guess

x86 stable

amd64 done

ppc done

Can you stable php-5.3.3 for amd64 please, because with the combination of dev-php5/pecl-apc-3.1.4 and dev-lang/php-5.2.14 this bug appears: http://pecl.php.net/bugs/bug.php?id=16966

I get this http://pecl.php.net/bugs/bug.php?id=16966 on 5.3.3-pl1-gentoo. Need to find the fix in svn...

It seems they released a 3.1.6 version, and it's marked as stable: http://pecl.php.net/package/APC/3.1.6 I suggest to bump the version to 3.1.6 and "ditch" 3.1.5 and less.

Ebuilds for pecl-apc-3.1.6 have been committed to CVS.

pecl-apc-3.1.4 stabled on sparc. Should I close this now? Thanks, Michael.

(In reply to comment #10)
> pecl-apc-3.1.4 stabled on sparc. Should I close this now?
>

The security team uses [1] and [2] to manage security bugs. And as such, we handle the closure of all security bugs. That said, closing this [noglsa] since it is a Cross-site Scripting vulnerability.

[1] http://www.gentoo.org/security/en/vulnerability-policy.xml
[2] http://www.gentoo.org/security/en/coordinator_guide.xml