Package home | Report new bug | New search | Development Roadmap Status: Open | Feedback | All | Closed Since Version 1.5.0a1

Bug #9937 Security Exploit CVE-2005-4593
Submitted: 2007-01-24 23:19 UTC
From: jeichorn Assigned: ashnazg
Status: Closed Package: PhpDocumentor (version 1.3.1)
PHP Version: Irrelevant OS:
Roadmaps: 1.3.2    
Subscription  


Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
MUST BE VALID
Solve the problem : 27 + 35 = ?

 
 [2007-01-24 23:19 UTC] jeichorn (Joshua Eichorn)
Description: ------------ I just noticed this today but there is a Published exploit for phpDocumentor http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4593 You shouldn't be installing phpDocumentor on public web servers but i guess its worth fixing anyway.

Comments

 [2007-02-07 16:45 UTC] cellog (Greg Beaver)
test
 [2007-03-13 20:43 UTC] ashnazg (Chuck Burgess)
Josh, I've patched the two affected files. I don't have a working web interface for phpdoc set up. Do you have one where you can apply the file_dialog.php patch and verify it works?
 [2007-03-13 20:58 UTC] jeichorn (Joshua Eichorn)
I don't have the web interface setup anywhere, if the file passes php -l commit, the patch looks correct to me.
 [2007-03-14 11:49 UTC] ashnazg (Chuck Burgess)
lint check is good, committed both patches.