| Summary: | www-apps/egroupware is affected by XML_RPC PHP flaw (CAN-2005-1921) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
Description
Thierry Carrez (RETIRED)
2005-07-01 13:26:58 UTC
egroupware uses a really old version of what has finally become phpxmlrpc (in phpgwapi/inc/xml_functions.inc.php). Needs a careful backport too :/

Created attachment 62618
egroupware.patch

Backported patch from PEAR fix

web-apps: please bump with patch... and test a little (I didn't)

Patched and rev-bumped. Best regards, Stu

alpha amd64 ppc x86 : please mark stable, this is a really minor (but needed) bump that shouldn't break anything.

Stable on ppc.

Arches: please mark stable so that the GLSA on this exploited vuln can go out.

stable on alpha, thanks kloeri

amd64/x86/web-apps, pls test and mark stable

Stuart - why is the epatch line in the ebuild commented out?

# epatch ${FILESDIR}/${PN}-1.0.0.007-xmlrpc.patch

back to ebuild status, until the issue in comment #9 is fixed

Upstream released a new version. 1.0.0.008 in Portage, marked stable on x86.

Recalling alpha and ppc. Arches, please test 1.0.0.008 and mark stable. Note that this one is late and it's already being exploited + blocks another GLSA, so don't wait too long.

Thanks everybody! alpha, ppc, x86: I just noticed that you are already marked stable, sorry to annoy you :( only amd64 left to go.

Sorry for the delay Stefan. amd64 is stable now. Should remove us from CC as well :-)

Ready for GLSA

GLSA 200507-08 thanks everyone