Debian Package Tracker

From: Thijs Kinkhorst <thijs@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted phpwiki 1.3.12p3-6.1 (source all)
Date: Sun, 09 Sep 2007 12:32:06 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 09 Sep 2007 14:10:57 +0200
Source: phpwiki
Binary: phpwiki
Architecture: source all
Version: 1.3.12p3-6.1
Distribution: unstable
Urgency: high
Maintainer: Matt Brown <mattb@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpwiki    - informal collaborative website manager
Closes: 429201 441390
Changes: 
 phpwiki (1.3.12p3-6.1) unstable; urgency=high
 .
   * NMU by the testing security team, with maintainer approval.
   * CVE-2007-3193: lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the
     configuration lacks a nonzero PASSWORD_LENGTH_MINIMUM, might allow remote
     attackers to bypass authentication via an empty password, which causes
     ldap_bind to return true when used with certain LDAP implementations.
     (Closes: #429201)
   * CVE-2007-2024, CVE-2007-2025: Unrestricted file upload vulnerability in
     the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows
     remote attackers to upload arbitrary PHP files with a double extension, as
     demonstrated by .php.3, which is interpreted by Apache as being a valid
     PHP file.
     (Closes: #441390)
Files: 
 602ff85abf15b44168a96db76e039d6f 934 web optional phpwiki_1.3.12p3-6.1.dsc
 26fd9260ce97813898cf78267982186c 50786 web optional phpwiki_1.3.12p3-6.1.diff.gz
 fa7efaa0bbc83817d92923bed0a33e0e 2858092 web optional phpwiki_1.3.12p3-6.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRuPjs2z0hbPcukPfAQLbtAf/Z7sddZw2Euo3LyAvYfpfSbF4gHNSDCk+
ID83jEmJZUDl6tSloeB9dazYnEbTIqS9DpSaS3XGdu+wZKGbVn6OmUlZX3T+FVGx
nvk8cNL2Xl45FYox2fwqOvDk9vYG/WAaPfeleMs/OG5tZEzUgsRmtofCfBEaMRfP
WrRACRyiB6YsC9SIbqkTH7gW568OrHVQe0zsT2CMJGOSXMPY7rt5lyRmeHal9cwA
tIqiHve2TuKEqKjTpJtrN0Sg40Fplth+5rl027P4XgDXlb1Fe1ef1DqMXT6aIxe2
tgMwwNltFh+zd0Ry9KNIb3gGw2G0QwJgQW84LXUQjlTv3JOQomm4sw==
=Y6Tg
-----END PGP SIGNATURE-----


Accepted:
phpwiki_1.3.12p3-6.1.diff.gz
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-6.1.diff.gz
phpwiki_1.3.12p3-6.1.dsc
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-6.1.dsc
phpwiki_1.3.12p3-6.1_all.deb
  to pool/main/p/phpwiki/phpwiki_1.3.12p3-6.1_all.deb
News for package phpwiki
