ports/83106: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
Thierry Thomas
thierry at pompo.net
Thu Jul 7 17:30:20 UTC 2005
>Number: 83106
>Category: ports
>Synopsis: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 07 17:30:19 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Thierry Thomas
>Release: FreeBSD 5.4-STABLE i386
>Organization:
Kabbale Eros
>Environment:
System: FreeBSD ws90bj.pompo.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun May 22 14:07:39 CEST 2005 thierry at ws90bj.pompo.net:/usr/obj/usr/src/sys/WS90BJ-050222 i386
>Description:
Update to 1.3.2. According to changelog:
* Eliminate path disclosure vulnerabilities by suppressing error
messages when eval()'ing;
* Eliminate path disclosure vulnerability by catching bogus parameters
submitted to XML_RPC_Value::serializeval().
Full changelog at <http://pear.php.net/package/XML_RPC/download/1.3.2>.
>How-To-Repeat:
N/A.
>Fix:
Apply the following patch:
--- pear-XML_RPC.diff begins here ---
diff -urN devel/pear-XML_RPC.orig/Makefile devel/pear-XML_RPC/Makefile
--- devel/pear-XML_RPC.orig/Makefile Mon Jul 4 19:20:45 2005
+++ devel/pear-XML_RPC/Makefile Thu Jul 7 19:08:43 2005
@@ -6,7 +6,7 @@
#
PORTNAME= XML_RPC
-PORTVERSION= 1.3.1
+PORTVERSION= 1.3.2
CATEGORIES= devel www pear
MAINTAINER= antonio at php.net
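Review bot: The MAINTAINER context line names antonio at php.net, who is not the submitter of this PR, so the PORTVERSION bump should carry the maintainer's approval (or a recorded timeout) in the audit trail before it is committed. Because the change from 1.3.1 to 1.3.2 is the entire security fix, the commit message should also state that versions before 1.3.2 are affected by the path disclosure issues, so that users of the port can tell they need to upgrade.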
diff -urN devel/pear-XML_RPC.orig/distinfo devel/pear-XML_RPC/distinfo
--- devel/pear-XML_RPC.orig/distinfo Mon Jul 4 19:20:56 2005
+++ devel/pear-XML_RPC/distinfo Thu Jul 7 19:08:59 2005
@@ -1,2 +1,2 @@
-MD5 (PEAR/XML_RPC-1.3.1.tgz) = c27e8cc85ff7cb86b119e933bd2eafc1
-SIZE (PEAR/XML_RPC-1.3.1.tgz) = 25310
+MD5 (PEAR/XML_RPC-1.3.2.tgz) = 6f2d8de8f5ddd72dba3946e0a8c95a40
+SIZE (PEAR/XML_RPC-1.3.2.tgz) = 25837
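Review bot: The new distinfo entry authenticates XML_RPC-1.3.2.tgz with MD5 and SIZE only. For a security update, consider adding a stronger digest line (for example SHA256) beside the MD5 line if the ports framework in use accepts one, and confirm both values against a tarball fetched independently from the upstream download page rather than only from the submitter's copy.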
--- pear-XML_RPC.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: