[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability

To: Martin Pitt <martin.pitt@xxxxxxxxxxxxx>
Subject: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability
From: Jan Schneider <jan@xxxxxxxxx>
Date: Fri, 08 Jul 2005 11:14:21 +0200

Zitat von Martin Pitt <martin.pitt@xxxxxxxxxxxxx>:

Please note that many applications contain a copy of the affected XMLRPC code, which must be fixed separately. The following packages may also be affected, but are unsupported in Ubuntu:
- drupal
- wordpress
- phpwiki
- horde3
- ewiki
- egroupware
- phpgroupware

To avoid confusion, I want to make clear that Horde applications are NOT affected by this vulnerability because we don't use the vulnerable software. I would appreciate if such statements would be cross checked with the projects before releasing them to the public.

Jan.

--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability
  - From: Matt Zimmerman

References:
- [Full-disclosure] [USN-147-1] PHP XMLRPC vulnerability
  - From: Martin Pitt

Prev by Date: Re: [Full-disclosure] Multiple Vulnerabilities in Saeven.net's WhoisCart software.
Next by Date: Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability
Previous by thread: [Full-disclosure] [USN-147-1] PHP XMLRPC vulnerability
Next by thread: Re: [Full-disclosure] Re: [USN-147-1] PHP XMLRPC vulnerability
Index(es):
- Date
- Thread