Bug 616784 (CVE-2017-7983, CVE-2017-7984, CVE-2017-7985, CVE-2017-7986, CVE-2017-7987, CVE-2017-7988, CVE-2017-7989, CVE-2017-8057)

Summary: www-apps/joomla: Multiple vulnerabilities
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED WONTFIX
Severity: trivial
CC: harold, oli.huber, proxy-maint, web-apps
Priority: Normal
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~4 [ebuild+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-04-27 18:56:28 UTC
CVE-2017-8057 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8057):
  In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused full
  path disclosures on systems with enabled error reporting.

CVE-2017-7989 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7989):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks
  allowed low-privilege users to upload swf files even if they were explicitly
  forbidden.

CVE-2017-7988 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7988):
  In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  form contents allows overwriting the author of an article.

CVE-2017-7987 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7987):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file
  and folder names leads to XSS vulnerabilities in the template manager
  component.

CVE-2017-7986 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7986):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  specific HTML attributes leads to XSS vulnerabilities in various components.

CVE-2017-7985 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7985):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of
  multibyte characters leads to XSS vulnerabilities in various components.

CVE-2017-7984 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7984):
  In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads
  to XSS in the template manager component.

CVE-2017-7983 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7983):
  In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the JMail
  API leaked the used PHPMailer version in the mail headers.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2017-05-17 18:42:35 UTC
# Thomas Deutschmann <whissi@gentoo.org> (17 May 2017)
# Multiple unpatched security vulnerabilities (see bug #603756, #610696, #612650 ...)
# Removal in 30 days.
www-apps/joomla
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-06-17 08:41:11 UTC
commit fe7d7445faf698a716e9f542fdc18b771fa42b6a
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Sat Jun 17 10:29:26 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Sat Jun 17 10:39:58 2017

    www-apps/joomla: Remove last-rited pkg