
Bug 97648

Summary: www-apps/tikiwiki is affected by XML_RPC PHP flaw (CAN-2005-1921)
Product: Gentoo Security
Reporter: Thierry Carrez (RETIRED) <koon>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---
Attachments (Description / Flags):
tikiwiki.patch / none
Updated patch for security hole / none

Description Thierry Carrez (RETIRED) gentoo-dev 2005-07-01 13:24:29 UTC
According to the GulfTech advisory, TikiWiki is also affected.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 12:55:06 UTC
This one is not easy...
It includes some old version of phpxmlrpc code (apparently the first version),
so the fix must be backported by some PHP-aware folk (note that maybe copying
the xmlrpc.inc and xmlrpcs.inc over is sufficient?).
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 13:46:13 UTC
Created attachment 62621
tikiwiki.patch

Backported patch from PEAR
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 13:50:09 UTC
web-apps: please bump with patch... and test a little (I didn't)
Comment 4 Stuart Herbert (RETIRED) gentoo-dev 2005-07-05 16:12:08 UTC
tikiwiki-1.8.5-r1 is patched and in the tree.

I've also attached the patch that I used, in case anyone is patching copies of
this app by hand.

Best regards,
Stu
Comment 5 Stuart Herbert (RETIRED) gentoo-dev 2005-07-05 16:12:46 UTC
Created attachment 62725
Updated patch for security hole
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2005-07-06 01:13:17 UTC
Ready for GLSA
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-06 14:09:58 UTC
Thx everyone. 
 
GLSA 200507-06