Hosting Provided By

Accepted phpwiki 1.3.12p3-5etch1 (source all)

From: Thijs Kinkhorst <thijs(at)debian.org>
Date: Wed Sep 12 2007 - 15:56:16 EDT

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Format: 1.7
Date: Sun, 9 Sep 2007 13:58:30 +0200
Source: phpwiki
Binary: phpwiki
Architecture: source all
Version: 1.3.12p3-5etch1
Distribution: stable-security
Urgency: high
Maintainer: Matt Brown <mattb@debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description:
phpwiki - informal collaborative website manager Closes: 429201 441390
Changes:
phpwiki (1.3.12p3-5etch1) stable-security; urgency=high .

Non-maintainer upload by the security team.
CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote attackers to bypass authentication via an empty password, which causes ldap_bind to return true when used with certain LDAP implementations. (Closes: #429201)
CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file. (Closes: #441390) Files: 8d23044064042e6130066a2ca8c4717c 940 web optional phpwiki_1.3.12p3-5etch1.dsc 7073885a9a3993db0e1820315a224e54 3651174 web optional phpwiki_1.3.12p3.orig.tar.gz 2deb7c9bc44ccaa1ecaf88656c7f1b27 52689 web optional phpwiki_1.3.12p3-5etch1.diff.gz 178a4ca234bf9b66c4b96a3f635dd510 2885540 web optional phpwiki_1.3.12p3-5etch1_all.deb

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRuPivmz0hbPcukPfAQLEaQf/csFY7+/Rty/t/YMLPiBojeyY4yGYpUlB PUpFNkO1SzAv3EvXP2OAUxCpaHZc2vzqpb5IbCrGxixiwQ8EMryvcruqZ91hiWSU 2zK69u85+XpPJPmk5xHw7S2kt5T4apOQx/+sdJUkE0xDNg2OTTp/H6CEA/C4eC4C Mi4iasskzY89fdyEQpTuqYA4YvNtPkpIQGjFCUi7wTCFx6vFghzn1fOtI6G4RHfJ r1cGH2el8Sq8U6ARZnZ2ePpVXsG5atrDvpdJEogzhpN8ZiLqMw+dWzLVMhIKBh56 osxveSyfVTAdZQLztpI5SYiGfrboZigQUJpADpMYo6USO+RRJM/gDg== =GaMy
-----END PGP SIGNATURE-----
Accepted:
phpwiki_1.3.12p3-5etch1.diff.gz
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-5etch1.diff.gz phpwiki_1.3.12p3-5etch1.dsc
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-5etch1.dsc phpwiki_1.3.12p3-5etch1_all.deb
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-5etch1_all.deb

-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Wed Sep 12 16:03:10 2007

This message: [ Message body ]
Next message: Tim Dijkstra: "Accepted uswsusp 0.3~cvs20060928-7etch1 (source amd64)"
Previous message: Craig Small: "Accepted jffnms 0.8.3dfsg.1-2.1etch1 (source all)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:58:47 EDT