Summary: | www-apps/phpwebsite: possible http response splitting attack | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matthias Geerdsen (RETIRED) <vorlon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | rizzo |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://phpwebsite.appstate.edu/index.php?module=announce&ANN_user_op=view&ANN_id=863 | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Matthias Geerdsen (RETIRED)
2004-11-17 01:11:04 UTC
Don, pls provide an updated ebuild www-apps/phpwebsite-0.9.3_p4-r2 now in portage. ~ for all arches. Thanks Don. Arches, please teset and mark www-apps/phpwebsite-0.9.3_p4-r2 stable the comments in files/postinstall-en.txt are wrong cd ${MY_HTDOCSDIR}/phpwebsite/setup should be /var/www/localhost/htdocs/phpwebsite/setup (or something like that) ./secure_setup.sh should be ./secure_phpws.sh or something like that anyways.. appart from that it seems ok... *prod* is files/postinstall-en.txt getting fixed? rizzo : please fix postinstall-en.txt (no revision needed, I think) alpha,ppc : please mark stable whatever version is there, the postinstall-en.txt is not a blocker. Fixed. I wasn't sure about the htdocs location with all the webapp-config stuff, but phpwebsite really handles its own branching anyway, so I've hard coded the /var/www/localhost location as you specified. Sorry for delay. Stable on alpha. Marked stable on ppc. Maintainer or x86 should mark www-apps/phpwebsite-0.9.3_p4-r2 stable too. x86 stable.. sorry for the delay This calls a vote. I would vote for a GLSA :) phpwebsite is exposed. I vote for GLSA on this. Then GLSA there will be Thanks everyone. GLSA 200411-35 |