Re: [Phpgroupware-developers] FW: phpxmlrpc scurity vuln fixed

[Dave Hall]

Hi all,

Just so you are aware of what is happening with this one, I thought I
would post and update.  I have manually applied the fixes based on what
Gaetano sent me.  I am unable to easily test xmlrpc functionality so I
have sent the patch to our Release & QA Coordinator - Christian Boettger
(aka bofh42).  Christian will be testing the fix and organising the
security fix release.

This is considered a priority by the project and is being dealt with in
a prompt manner.

Watch this space.

Cheers

Dave

On Thu, 2005-06-30 at 20:36 +1000, Dave Hall wrote:
> Hi Gaetano,
> 
> I looked at the Secunia and pn advisories and they contain no
> information about the exploit.  Also a diff would make a fix a lot
> easier.
> 
> Can we please continue this discussion off list.
> 
> Cheers
> 
> Dave
> 
> On Thu, 2005-06-30 at 12:02 +0200, Gaetano Giunta wrote:
> > Hello,
> > 
> > I just released version 1.1.1 of phpxmlrpc on SF.net.
> > 
> > The new release is intended to patch the scuirty vulnerability signaled by 
> > GulfTech.
> > 
> > Attached you can find the complete distribution of the library. I am not 
> > providing diffs to the previous versions since I know most of the products 
> > incorporating phpxmlrpc in fact distribute a modified version of the 
> > library.
> > 
> > Please forgive me if I am mailing to the wrong person: I have no complete 
> > list of apps that make use on phpxmlrpc, and dug out a list of 
> > maintainers/coders to contact from the respective websites.
> > 
> > Feel free to contact me for any further information.
> > 
> > Bye
> > Gaetano Giunta
-- 
Dave Hall (aka skwashd)
API Coordinator
phpGroupWare
-------------------------------------------------------------------------
Do you think if Bill Gates got laid in high school, do you think there'd 
be a Microsoft?  Of course not.
Underwear Goes Inside The Pants by Lazy Boy