Full Disclosure mailing list archives
Re: Re: FD-V5-I5 [ GLSA 200507-01 ] PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
From: Sebastian Nohn <sebastian () nohn net>
Date: Tue, 05 Jul 2005 13:47:06 +0200
Tony Dodd wrote:
There is talk from some people that simply upgrading phpxmlrpc will not suffice, and that you have to upgrade everything which uses it. Confusion abundant so to speak.Anyone have any clarification on this?
If someone bundled a vulnerable package in his distribution, upgrading the original package does not help, you need to upgrade the bundled version also. The easiest way to do that is to upgrade the application that bundles the lib (given that the application developers provide an updated version).
Sebastian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: FD-V5-I5 [ GLSA 200507-01 ] PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability Tony Dodd (Jul 05)
- Re: Re: FD-V5-I5 [ GLSA 200507-01 ] PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability Sebastian Nohn (Jul 05)