Date:      Thu,  7 Jul 2005 19:22:56 +0200 (CEST)
From:      Thierry Thomas <thierry@pompo.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/83106: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
Message-ID:  <20050707172256.DDCB022B8B1@ws90bj.pompo.net>
Resent-Message-ID: <200507071730.j67HUJhp012985@freefall.freebsd.org>


>Number:         83106
>Category:       ports
>Synopsis:       devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 07 17:30:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Thierry Thomas
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
Kabbale Eros
>Environment:
System: FreeBSD ws90bj.pompo.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun May 22 14:07:39 CEST 2005 thierry@ws90bj.pompo.net:/usr/obj/usr/src/sys/WS90BJ-050222 i386


	
>Description:
	Update to 1.3.2. According to changelog:

	* Eliminate path disclosure vulnerabilities by suppressing error
	  messages when eval()'ing;
	* Eliminate path disclosure vulnerability by catching bogus parameters
	  submitted to XML_RPC_Value::serializeval().

	Full changelog at <http://pear.php.net/package/XML_RPC/download/1.3.2>.

>How-To-Repeat:
	N/A.

>Fix:
	Apply the following patch:

--- pear-XML_RPC.diff begins here ---
diff -urN devel/pear-XML_RPC.orig/Makefile devel/pear-XML_RPC/Makefile
--- devel/pear-XML_RPC.orig/Makefile	Mon Jul  4 19:20:45 2005
+++ devel/pear-XML_RPC/Makefile	Thu Jul  7 19:08:43 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	XML_RPC
-PORTVERSION=	1.3.1
+PORTVERSION=	1.3.2
 CATEGORIES=	devel www pear
 
 MAINTAINER=	antonio@php.net
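Review bot: the PORTVERSION change from 1.3.1 to 1.3.2 is the only Makefile edit, yet the description says this release fixes path disclosure issues, so nothing in the patch tells users still on 1.3.1 that they are affected. Consider submitting a matching security/vuxml entry alongside this update so that audit tooling flags the old version, and state the security nature of the update in the commit message.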
diff -urN devel/pear-XML_RPC.orig/distinfo devel/pear-XML_RPC/distinfo
--- devel/pear-XML_RPC.orig/distinfo	Mon Jul  4 19:20:56 2005
+++ devel/pear-XML_RPC/distinfo	Thu Jul  7 19:08:59 2005
@@ -1,2 +1,2 @@
-MD5 (PEAR/XML_RPC-1.3.1.tgz) = c27e8cc85ff7cb86b119e933bd2eafc1
-SIZE (PEAR/XML_RPC-1.3.1.tgz) = 25310
+MD5 (PEAR/XML_RPC-1.3.2.tgz) = 6f2d8de8f5ddd72dba3946e0a8c95a40
+SIZE (PEAR/XML_RPC-1.3.2.tgz) = 25837
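Review bot: in distinfo the new tarball is pinned only by the MD5 and SIZE lines, and MD5 is not collision-resistant, so for a security update this is weak assurance that the fetched XML_RPC-1.3.2.tgz is the upstream file. Confirm the digest against a copy fetched independently from pear.php.net, and add a stronger digest line (for example SHA256) if the ports framework in use records one.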
--- pear-XML_RPC.diff ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:


