According to GulfTech advisory egroupware is also affected.
egroupware uses a really old version of what has finally become phpxmlrpc (in phpgwapi/inc/xml_functions.inc.php). Needs a careful backport too :/
Created attachment 62618 (egroupware.patch): Backported patch from PEAR fix
web-apps: please bump with patch... and test a little (I didn't)
Patched and rev-bumped. Best regards, Stu
alpha amd64 ppc x86 : please mark stable, this is a really minor (but needed) bump that shouldn't break anything.
Stable on ppc.
Arches: please mark stable so that the GLSA on this exploited vuln can go out.
stable on alpha, thanks kloeri. amd64/x86/web-apps, pls test and mark stable
Stuart - why is the epatch line in the ebuild commented out? # epatch ${FILESDIR}/${PN}-1.0.0.007-xmlrpc.patch
back to ebuild status, until the issue in comment #9 is fixed
Upstream released a new version. 1.0.0.008 in Portage, marked stable on x86.
Recalling alpha and ppc. Arches, please test 1.0.0.008 and mark stable. Note that this one is late and it's already being exploited + blocks another GLSA, so don't wait too long. Thanks everybody!
alpha, ppc, x86: I just noticed that you are already marked stable, sorry to annoy you :( Only amd64 left to go.
Sorry for the delay Stefan. amd64 is stable now.
Should remove us from CC as well :-)
Ready for GLSA
GLSA 200507-08 thanks everyone