Summary: | www-apps/joomla: multiple vulnerabilities in 1.6.0 | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | trivial | CC: | fauli, oli.huber, web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/43658/ | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-03-12 20:28:49 UTC
Maintainers, please make sure the ebuild for joomla-1.6.1 is not hard masked and has at least the same keywords the previous ~arch ebuild has. The hard mask will not be reverted as 1.6 is a major rewrite, and an upgrade is not so easily done. Apart from this, the Secunia advisory is a bit misleading as 1.6.0 is the only affected version not anything below that, see the original Joomla! advisories. From the Joomla! FAQ: Question: how long will Joomla 1.5 and 1.6 be supported? Joomla 1.5 is branded a Long Term Support Release (LTS)and will have support until the beginning of april 2012. Joomla 1.6 is a standard support release, and will be supported until august 2011. Joomla 1.7 should be released in july 2011. More about the development strategy can be found here: http://developer.joomla.org/strategy.html. Additional KEYWORDS added. I've been through the Joomla advisories, most easily found at http://www.joomla.org/announcements/release-news/5350-joomla-161-released.html, and agree it looks like this only affected 1.6.0, which was never in the tree. http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-apps/joomla/?hideattic=0 Therefore, I do not think we have anything to do here; please reopen if you disagree. Thanks, everyone. |