Re: [Full-disclosure] Re: FD-V5-I5 [ GLSA 200507-01 ] PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability

From: Sebastian Nohn (sebastiannohn.net)
Date: Tue Jul 05 2005 - 06:47:06 CDT


Tony Dodd wrote:

> There is talk from some people that simply upgrading phpxmlrpc will not
> suffice, and that you have to upgrade everything which uses it.
> Confusion abundant so to speak.
>
> Anyone have any clarification on this?

If someone bundled a vulnerable package in his distribution, upgrading
the original package does not help; you need to upgrade the bundled
version as well. The easiest way to do that is to upgrade the application
that bundles the lib (given that the application developers provide an
updated version).

Sebastian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
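
One way to locate bundled copies that were not replaced by a package upgrade, as an added example that is not part of the original message or of either project's code. It assumes the library file is named `xmlrpc.inc` and that the already-upgraded system copy serves as the reference; the directory layout in `demo()` is constructed.

```python
import hashlib
import os
import tempfile

# Assumption: the library's main file is named xmlrpc.inc; change it for the lib you track.
LIB_FILENAME = "xmlrpc.inc"

def sha256_of(path):
    """Hash a file in chunks so large trees do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def find_bundled_copies(root, filename=LIB_FILENAME):
    """Return every file under root whose name matches the library file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == filename.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def copies_needing_review(root, reference):
    """Copies whose content differs from the upgraded reference file.
    A differing hash means "check this application", not proof of a flaw:
    the bundling project may have patched or modified its copy."""
    ref_real = os.path.realpath(reference)
    ref_hash = sha256_of(reference)
    return [p for p in find_bundled_copies(root, os.path.basename(reference))
            if os.path.realpath(p) != ref_real and sha256_of(p) != ref_hash]

def demo():
    """Build a constructed web root with one upgraded and one stale bundled copy."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "lib/xmlrpc.inc": b"<?php // upgraded copy (constructed)\n",
            "blog/includes/xmlrpc.inc": b"<?php // old bundled copy (constructed)\n",
            "wiki/vendor/xmlrpc.inc": b"<?php // upgraded copy (constructed)\n",
        }
        for rel, data in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        stale = copies_needing_review(root, os.path.join(root, "lib/xmlrpc.inc"))
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in stale]
```

Each path reported points at an application that still carries its own copy and has to be upgraded separately from the system package.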