
Bug 402269 (CVE-2012-0835)

Summary: <www-apps/joomla-3.3.3: Multiple vulnerabilities (CVE-2012-{0835,0836,0837})
Product: Gentoo Security
Reporter: Viorel Tabara <gentoo>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: facorread, fauli, oli.huber, proxy-maint, web-apps
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/47847/
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-02-05 21:02:48 UTC
Thanks for the bug, Viorel. Please include a little information about the vulnerabilities when opening bugs. Thanks.

Comment 2 Viorel Tabara 2012-02-05 22:07:06 UTC
This came in on oss-security@lists.openwall.com and is also referenced at 
http://secunia.com/advisories/47847/.


http://developer.joomla.org/security/news/387-20120201-core-information-disclosure.html

Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to information disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 1.7.5 or 2.5.1 or higher


=====


http://developer.joomla.org/security/news/388-20120202-core-information-disclosure.html

Severity: Moderate
Versions: 1.7.4 and all earlier 1.7.x versions
Exploit type: Information Disclosure
Reported Date: 2012-January-06
Fixed Date: 2012-February-02

Description

On some servers the error log could be read by unauthorised users.

Affected Installs

Joomla! version 1.7.4 and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher


=====


http://developer.joomla.org/security/news/389-20120203-core-information-disclosure.html

Severity: Low
Versions: 2.5.0 and 1.7.0 - 1.7.4
Exploit type: Information Disclosure
Reported Date: 2012-January-29
Fixed Date: 2012-February-02

Description

Inadequate validation leads to path disclosure in administrator.

Affected Installs

Joomla! version 2.5.0, 1.7.4, and all earlier 1.7.x versions

Solution

Upgrade to version 2.5.1 or 1.7.5 or higher

Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-17 01:02:12 UTC
Can we get the hardmasked 1.7 bumped, please? Just to be safe.

Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-26 18:37:59 UTC
This package is currently masked for removal

# William Hubbs <williamh@gentoo.org> (05 Aug 2014)
# Masked by QA for removal in 30 days.
# The unmasked version is very old, there are multiple open security
# bugs and several version bumps. The package appears to be abandoned.
# This will be removed on 5 Sep 2014 unless someone takes over
# maintenance and brings it up to date.
# See bug #518886
www-apps/joomla

Comment 5 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-09-04 10:38:43 UTC
Version bumped to 3.3.3 and vulnerable versions are dropped, cf. bug #518886 and bug #410969

Closing noglsa.