Please sync phpwiki (universe) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
phpwiki (Ubuntu) | Fix Released | Wishlist | Unassigned | |
Bug Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
affects ubuntu/phpwiki
status confirmed
subscribe ubuntu-archive
Please sync phpwiki (universe) from Debian unstable (main).
Changelog since current gutsy version 1.3.12p3-6:
phpwiki (1.3.12p3-6.1) unstable; urgency=high
* NMU by the testing security team, with maintainer approval.
* CVE-2007-3193: lib/WikiUser/
configuration lacks a nonzero PASSWORD_
attackers to bypass authentication via an empty password, which causes
ldap_bind to return true when used with certain LDAP implementations.
(Closes: #429201)
* CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
the UpLoad feature (lib/plugin/
remote attackers to upload arbitrary PHP files with a double extension, as
demonstrated by .php.3, which is interpreted by Apache as being a valid
PHP file.
(Closes: #441390)
-- Thijs Kinkhorst <email address hidden> Sun, 09 Sep 2007 14:10:57 +0200
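The double-extension upload issue described in the changelog above (a name such as .php.3 being treated by Apache as PHP) shows why an upload check cannot look at the last extension only. The following is an added example, not phpwiki's or Debian's actual patch; the function name and both extension lists are assumptions made for illustration.

```php
<?php
// Added example, not the phpwiki fix. Both lists below are assumed values.

// Extensions a web server may map to an executable handler (assumed list).
const HANDLER_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml', 'phps',
                            'cgi', 'pl', 'py', 'shtml', 'htaccess'];
// Final extensions the application agrees to store (assumed list).
const ALLOWED_FINAL_EXTENSIONS = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt'];

/**
 * Decide whether an uploaded file name may be stored in a web-served directory.
 * Apache's mod_mime considers every dot-separated extension of a file name,
 * so each segment after the base name is checked, not just the last one.
 */
function upload_name_is_safe(string $name): bool
{
    // Drop any client-supplied directory part and refuse control bytes.
    $name = basename(str_replace('\\', '/', $name));
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name)) {
        return false;
    }
    $segments = explode('.', strtolower($name));
    array_shift($segments);                 // discard the base name
    if ($segments === []) {
        return false;                       // no extension at all
    }
    foreach ($segments as $segment) {
        if (in_array($segment, HANDLER_EXTENSIONS, true)) {
            return false;                   // handler extension in any position
        }
    }
    // The last segment must be an explicitly allowed type.
    return in_array(end($segments), ALLOWED_FINAL_EXTENSIONS, true);
}

// Constructed sample names, including the double-extension case from the changelog.
$samples = ['photo.png', 'report.v2.pdf', 'shell.php.3', 'shell.php.png',
            'shell.php.', '.htaccess', 'README'];
foreach ($samples as $sample) {
    printf("%-14s %s\n", $sample, upload_name_is_safe($sample) ? 'accept' : 'reject');
}
```

A name check like this is one layer; storing uploads outside the web root, or in a directory where the server has no script handlers enabled, removes the dependency on the extension list being complete.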
[Updating] phpwiki (1.3.12p3-6 [Ubuntu] < 1.3.12p3-6.1 [Debian])
1.3.12p3.orig.tar.gz: already in distro - downloading from librarian>
1.3.12p3-6.1.dsc: downloading from http://ftp.debian.org/debian/>
1.3.12p3-6.1.diff.gz: downloading from http://ftp.debian.org/debian/>
* Trying to add phpwiki...
- <phpwiki_
- <phpwiki_
- <phpwiki_
I: phpwiki [universe] -> phpwiki_1.3.12p3-6 [universe].