Please sync phpwiki (universe) from Debian unstable (main)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| phpwiki (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
affects ubuntu/phpwiki
status confirmed
subscribe ubuntu-archive
Please sync phpwiki (universe) from Debian unstable (main).
Changelog since current gutsy version 1.3.12p3-6:
phpwiki (1.3.12p3-6.1) unstable; urgency=high
* NMU by the testing security team, with maintainer approval.
* CVE-2007-3193: lib/WikiUser/
configuration lacks a nonzero PASSWORD_
attackers to bypass authentication via an empty password, which causes
ldap_bind to return true when used with certain LDAP implementations.
(Closes: #429201)
* CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
the UpLoad feature (lib/plugin/
remote attackers to upload arbitrary PHP files with a double extension, as
demonstrated by .php.3, which is interpreted by Apache as being a valid
PHP file.
(Closes: #441390)
-- Thijs Kinkhorst <email address hidden> Sun, 09 Sep 2007 14:10:57 +0200
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4 (GNU/Linux)
iQCVAwUBRuUy/
d4Dzb5AX/
04G14416mzhvekJ
1NxX/N92SKY=
=O6HH
-----END PGP SIGNATURE-----
| Sebastien Bacher (seb128) wrote | #1 |
| Changed in phpwiki: | |
| importance: | Undecided → Wishlist |
| status: | Confirmed → Fix Released |
[Updating] phpwiki (1.3.12p3-6 [Ubuntu] < 1.3.12p3-6.1 [Debian])
* Trying to add phpwiki...
- <phpwiki_
- <phpwiki_
- <phpwiki_
I: phpwiki [universe] -> phpwiki_1.3.12p3-6 [universe].