Accepted phpwiki 1.3.12p3-6.1 (source)
Ubuntu Installer
archive at ubuntu.com
Wed Sep 19 10:26:27 BST 2007
Accepted:
OK: phpwiki_1.3.12p3.orig.tar.gz
OK: phpwiki_1.3.12p3-6.1.diff.gz
OK: phpwiki_1.3.12p3-6.1.dsc
-> Component: universe Section: web
Origin: Debian/unstable
Format: 1.7
Date: Wed, 19 Sep 2007 09:48:58 +0100
Source: phpwiki
Binary: phpwiki
Architecture: source
Version: 1.3.12p3-6.1
Distribution: gutsy
Urgency: high
Maintainer: Matt Brown <mattb at debian.org>
Changed-By: Michael Bienia <michael at vorlon.ping.de>
Description:
phpwiki - informal collaborative website manager
Closes: 429201 441390
Changes:
phpwiki (1.3.12p3-6.1) unstable; urgency=high
.
* NMU by the testing security team, with maintainer approval.
* CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the
configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote
attackers to bypass authentication via an empty password, which causes
ldap_bind to return true when used with certain LDAP implementations.
(Closes: #429201)
* CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows
remote attackers to upload arbitrary PHP files with a double extension, as
demonstrated by .php.3, which is interpreted by Apache as being a valid
PHP file.
(Closes: #441390)
Files:
26fd9260ce97813898cf78267982186c 50786 web optional phpwiki_1.3.12p3-6.1.diff.gz
602ff85abf15b44168a96db76e039d6f 934 web optional phpwiki_1.3.12p3-6.1.dsc
More information about the gutsy-changes
mailing list