| Summary: | dev-php/PEAR-PEAR: Security Bypass Vulnerability | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED WONTFIX | | |
| Severity: | minor | CC: | php-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B4 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2017-10-31 15:05:03 UTC
@Maintainers 1.10.3 is in tree, and should contain the fix. Please call for stabilization when ready. Thank you.

I would rather stabilize the latest PEAR-PEAR, but that requires the new dev-php/phpunit to be stable first. I've asked for that as part of bug 635356, and I'll try to remember to check back in here afterwards.

Agree with Redhat's assessment: "Since pear's purpose is to download libraries for inclusion in an application, any use of `pear install` or `pear download` implicitly trusts the server. This vulnerability does not significantly extend the trust already given to pear and to servers used with it." https://bugzilla.redhat.com/show_bug.cgi?id=1418771