| Summary: | www-apps/phpwiki: XML-RPC vulnerability (CAN-2005-1921) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Other | | |
| Whiteboard: | ~1 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Thierry Carrez (RETIRED)
2005-06-30 01:52:23 UTC
Ccing stuart. Feel free to open this bug as soon as you think it's public enough. We might have to patch this one before upstream does...

Now officially affected after latest Gulftech thing.

Same thing as for tikiwiki. It includes some old version of phpxmlrpc code (some intermediary version), so the fix must be backported by some PHP-aware folk (note that maybe copying the xmlrpc.inc and xmlrpcs.inc over is sufficient?).

Created attachment 62620
phpwiki.patch

Backported patch from PEAR fix

web-apps: please bump with patch... and test a little (I didn't)

Looking at this one now ...

phpwiki-1.2.4 is unaffected. phpwiki-1.3.10-r1 is now in the tree, and includes the patch. There's no stabilisation needed; phpwiki-1.3.10's keywords were ~ppc ~sparc ~x86.

Best regards,
Stu

Thanks everyone, stable version was unaffected. No GLSA published.