Bug #9937 :: Security Exploit CVE-2005-4593

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.5.0a1

Bug #9937	Security Exploit CVE-2005-4593
Submitted:	2007-01-24 23:19 UTC
From:	jeichorn	Assigned:	ashnazg
Status:	Closed	Package:	PhpDocumentor (version 1.3.1)
PHP Version:	Irrelevant	OS:
Roadmaps:	1.3.2
Subscription	Your email:

Comments Patches (2) Add Comment Add patch

[2007-01-24 23:19 UTC] jeichorn (Joshua Eichorn)

Description:
------------
I just noticed this today but there is a Published exploit for phpDocumentor

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4593

You shouldn't be installing phpDocumentor on public web servers but i guess its worth fixing anyway.

Comments

[2007-02-07 16:45 UTC] cellog (Greg Beaver)

test

[2007-03-13 20:43 UTC] ashnazg (Chuck Burgess)

Josh, I've patched the two affected files.

I don't have a working web interface for phpdoc set up.  Do you have one where you can apply the file_dialog.php patch and verify it works?

[2007-03-13 20:58 UTC] jeichorn (Joshua Eichorn)

I don't have the web interface setup anywhere, if the file passes php -l commit, the patch looks correct to me.

[2007-03-14 11:49 UTC] ashnazg (Chuck Burgess)

lint check is good, committed both patches.