Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 603766 - <www-apps/ampache-3.8.3: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)
Summary: <www-apps/ampache-3.8.3: Remote code execution through embedded dev-php/PHPMa...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/ampache/ampache/is...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: 603752
  Show dependency tree
 
Reported: 2016-12-26 13:58 UTC by Thomas Deutschmann
Modified: 2017-07-08 13:45 UTC (History)
1 user (show)

See Also:
Package list:
www-apps/ampache-3.8.3
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2016-12-26 13:58:32 UTC
It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.
Comment 1 Kristian Fiskerstrand gentoo-dev Security 2016-12-26 18:29:52 UTC
Reported upstream in ${URL}
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2017-06-25 18:20:28 UTC
The updated version was published some days ago, so bumped:

commit 6e742115c483e4dcb2e2f53da27d4e87364cdc93 (HEAD -> master, origin/master, origin/HEAD)
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Sun Jun 25 20:18:45 2017 +0200

    www-apps/ampache: New upstream version 3.8.3
    
    Gentoo-Bug: 603766
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.1
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-28 13:19:32 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-06-30 11:10:22 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 5 Thomas Deutschmann gentoo-dev Security 2017-07-08 13:29:48 UTC
GLSA Vote: No!

@ Maintainer(s): Please cleanup and drop <www-apps/ampache-3.8.3!
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2017-07-08 13:45:44 UTC
commit ae50861d8715e275725568f7b1b5fb033a8035d4 (HEAD -> master, origin/master, origin/HEAD)
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Sat Jul 8 15:43:13 2017 +0200

    www-apps/ampache: Cleanup old
    
    Gentoo-Bug: 603766
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.1