Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 97651 - www-apps/egroupware is affected by XML_RPC PHP flaw (CAN-2005-1921)
Summary: www-apps/egroupware is affected by XML_RPC PHP flaw (CAN-2005-1921)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa]
Depends on:
Reported: 2005-07-01 13:26 UTC by Thierry Carrez (RETIRED)
Modified: 2005-07-10 12:35 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

egroupware.patch (egroupware.patch,1.06 KB, patch)
2005-07-04 13:37 UTC, Thierry Carrez (RETIRED)
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Thierry Carrez (RETIRED) gentoo-dev 2005-07-01 13:26:58 UTC
According to GulfTech advisory egroupware is also affected.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 13:21:31 UTC
egroupware uses a really old version of what has finally become phpxmlrpc (in
phpgwapi/inc/ Needs a careful backport too :/
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 13:37:14 UTC
Created attachment 62618 [details, diff]

Backported patch from PEAR fix
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2005-07-04 13:49:22 UTC
web-apps: please bump with patch... and test a little (I didn't)
Comment 4 Stuart Herbert (RETIRED) gentoo-dev 2005-07-05 17:08:26 UTC
Patched and rev-bumped.

Best regards,
Comment 5 Thierry Carrez (RETIRED) gentoo-dev 2005-07-06 01:17:07 UTC
alpha amd64 ppc x86 : please mark stable, this is a really minor (but needed)
bump that shouldn't break anything.
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-07-06 12:57:31 UTC
Stable on ppc.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2005-07-07 09:48:17 UTC
Arches: please mark stable so that the GLSA on this exploited vuln can go out.
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-08 04:27:16 UTC
stable on alpha, thanks kloeri

amd64/x86/web-apps, pls test and mark stable
Comment 9 Renat Lumpau (RETIRED) gentoo-dev 2005-07-09 07:26:53 UTC
Stuart - why is the epatch line in the ebuild commented out?

#   epatch ${FILESDIR}/${PN}-
Comment 10 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-09 07:37:36 UTC
back to ebuild status, until the issue in comment #9 is fixed
Comment 11 Renat Lumpau (RETIRED) gentoo-dev 2005-07-09 19:02:06 UTC
Upstream released a new version. in Portage, marked stable on x86.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-09 19:10:28 UTC
Recalling alpha and ppc. Arches, please test and mark stable. Note
that this one is late and it's already being exploited + blocks another GLSA, so
don't wait too long. Thanks everbody!
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-09 21:37:32 UTC
alpha, ppc, x86: i just noticed that you are already marked stable, sorry to
annoy you :( only amd64 left to go.
Comment 14 Danny van Dyk (RETIRED) gentoo-dev 2005-07-10 12:02:39 UTC
Sorry for the delay Stefan. amd64 is stable now.
Comment 15 Danny van Dyk (RETIRED) gentoo-dev 2005-07-10 12:03:10 UTC
Should remove us from CC as well :-)
Comment 16 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-10 12:05:48 UTC
Ready for GLSA
Comment 17 Matthias Geerdsen (RETIRED) gentoo-dev 2005-07-10 12:35:32 UTC
GLSA 200507-08

thanks everyone