According to GulfTech advisory TikiWiki is also affected.
This one is not easy... It includes some old version of phpxmlrpc code (apparently the first version), so the fix must be backported by some PHP-aware folk (note that maybe copying the xmlrpc.inc and xmlrpcs.inc over is sufficient ?).
Created attachment 62621 [details, diff] tikiwiki.patch Backported patch from PEAR
web-apps: please bump with patch... and test a little (I didn't)
tikiwiki-1.8.5-r1 is patched and in the tree. I've also attached the patch that I used, in case anyone is patching copies of this app by hand. Best regards, Stu
Created attachment 62725 [details, diff] Updated patch for security hole
Ready for GLSA
Thx everyone. GLSA 200507-06