Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 102378 - dev-php/phpxmlrpc XML-RPC Vulnerabilities round 2
Summary: dev-php/phpxmlrpc XML-RPC Vulnerabilities round 2
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-08-13 07:36 UTC by Sune Kloppenborg Jeppesen
Modified: 2006-03-23 19:42 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen gentoo-dev 2005-08-13 07:36:19 UTC
see bug #102324
Comment 1 Sune Kloppenborg Jeppesen gentoo-dev 2005-08-14 22:04:14 UTC
Now instead see bug #102576 
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-08-18 09:36:39 UTC
Fixed version is PHPXMLRPC 1.2
http://prdownloads.sourceforge.net/phpxmlrpc/xmlrpc.1.2.tgz?download
Comment 3 Tom Knight (RETIRED) gentoo-dev 2005-08-22 10:15:44 UTC
I'm having a look at this, it's proving to be a bit more difficult as there have
been some undocumented changes.
Comment 4 Tom Knight (RETIRED) gentoo-dev 2005-08-22 11:12:18 UTC
phpxmlrpc-1.2 in cvs, stable on x84 and amd64.
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-22 13:25:27 UTC
sparc stable.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-22 13:28:46 UTC
Stable on ppc
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-22 14:05:27 UTC
All security-important arches in, ready for GLSA.
Comment 8 Bryan Østergaard (RETIRED) gentoo-dev 2005-08-22 15:30:33 UTC
Stable on ia64.
Comment 9 Maik Musall 2005-08-23 08:45:36 UTC
I wasn't able to update to 1.2 unless I manually emerged
app-text/docbook-sgml-utils including all of it's dependencies.

I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on
docbook-sgml-utils?
Comment 10 Tom Knight (RETIRED) gentoo-dev 2005-08-23 09:42:36 UTC
(In reply to comment #9)
> I wasn't able to update to 1.2 unless I manually emerged
> app-text/docbook-sgml-utils including all of it's dependencies.
> 
> I used -uD with emerge, so I suspect this is a new dependency of phpxmlrpc on
> docbook-sgml-utils?
> 

Yes there was a new dependancy introduced with this version, the package that is
needed is actually app-text/docbook-dsssl-stylesheets (which is one of
docbook-sgml-utils' dependancies). I'll fix this when I get home tonight. 
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2005-08-23 10:31:05 UTC
Ok, waiting for the new ebuild
Comment 12 Tom Knight (RETIRED) gentoo-dev 2005-08-23 10:49:47 UTC
phpxmlrpc.1.2-r1 in the tree, sorry for the mess up.
Comment 13 Gustavo Zacarias (RETIRED) gentoo-dev 2005-08-23 11:14:33 UTC
stable on sparc, again.
fyi, you shouldn't have removed 1.2 and bumped to -r1 since it was just a build
fix, and also you're doing a security regression by removing the old one until
the new one is keyworded.
Comment 14 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-08-23 11:17:20 UTC
Stable again on ppc.
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2005-08-24 02:52:18 UTC
GLSA 200508-13
ia64 should mark stable to benefit from GLSA