Summary: | dev-php/php pear client is affected by XML_RPC PHP flaw (CAN-2005-1921) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thierry Carrez (RETIRED) <koon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | major | CC: | php-bugs |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1921 | | |
Whiteboard: | B1 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Thierry Carrez (RETIRED)
2005-07-01 13:42:34 UTC
Rating B2 as it requires the unusual setup of having malicious PEAR servers to connect to...

Maybe just adding RDEPEND=">=dev-php/PEAR-XML_RPC-1.3.1" to the dev-php/php, dev-php/php-cgi, and dev-php/mod_php ebuilds does the trick.

php herd: your call... we are a little late already :)

PHP herd waits for php 4.4.0 final.

PHP 4.4.0 (final) is in the tree. Arches please test and mark 4.4.0 stable, thank you.

mod_php-4.4.0 has a dependency on >=net-www/apache-2.0.54-r10. do we really want this right now (as I believe this is one of the apache builds with the new config)?

I am working on a new ebuild for mod_php-4.4.0 that is based on the current mod_php-4.3.11 ebuild. The current mod_php-4.4.0 ebuild will become mod_php-4.4.0-r1 and use the new Apache layout.

Stable on x86.

sparc stable.

stable on ppc64

ppc stable

ppc64: please stabilise php-cgi-4.4.0 as part of this bug. General note: dev-php/php, dev-php/php-cgi and dev-php/mod_php packages always need stabilising at the same time. Best regards, Stu

Stable on alpha + ia64.

stuart: we (ppc64) have never had an ebuild keyworded for the 4.x release series. If you *really want* this package stable on ppc64, I'm going to test it. :-)

php-cgi was never keyworded ppc64 so I guess it could stay that way. That said, we are still missing a few keywords:
amd64: on php, mod_php and php-cgi 4.4.0
hppa: on php-cgi 4.4.0

dev-php/php-4.4.0 dev-php/php-cgi-4.4.0 dev-php/mod_php-4.4.0-r1 tested in amd64. Works fine.

thanks, amd64 finally stable

Thanks.

Stable on hppa.

amd64 still misses php-cgi AFAICT...

sorry, forgot about php-cgi... amd64 finally done.

GLSA 200507-15

mips, s390 should mark stable to benefit from GLSA

Stable on mips.