83042 – [MAINTAINER UPDATE] www/b2evo: Fix for XML-RPC vulnerability

Bug 83042 - [MAINTAINER UPDATE] www/b2evo: Fix for XML-RPC vulnerability

Summary: [MAINTAINER UPDATE] www/b2evo: Fix for XML-RPC vulnerability

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-07-06 02:10 UTC by chinsan
Modified:	2005-07-06 07:50 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
b2evo.patch (1.39 KB, patch) 2005-07-06 02:10 UTC, chinsan	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description chinsan 2005-07-06 02:10:04 UTC

A critical security issue has been discovered in the XML-RPC for PHP 
that most applications use, including b2evolution.

It is highly recommended to fix.
This should overwrite the two following files in /blogs/b2evocore/ folder:

    * _functions_xmlrpc.php
    * _functions_xmlrpcs.php

This patch has been tested on the latest 0.9.0.12 "Amsterdam" release 
but is believed to work on all 0.9.0.x versions.

The patch will be included in future releases.

Ref:
http://b2evolution.net/news/2005/07/05/fix_for_xml_rpc_vulnerability

How-To-Repeat: 
http://b2evolution.net/news/2005/07/05/fix_for_xml_rpc_vulnerability

Comment 1 Cheng-Lung Sung freebsd_committer

2005-07-06 07:50:06 UTC

State Changed
From-To: open->closed

Committed, Thank you.