CVE-2005-1921

NameCVE-2005-1921
DescriptionEval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...
SourceCVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
ReferencesDSA-745-1, DSA-746-1, DSA-747-1, DSA-789-1, DTSA-15-1
Debian Bugs316362, 316447, 316714, 317263
Debian/oldstablenot vulnerable.
Debian/stablenot known to be vulnerable.
Debian/testingnot known to be vulnerable.
Debian/unstablenot known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
horde3 (PTS)squeeze, squeeze (security)3.3.8+debian0-3fixed
serendipity (PTS)squeeze1.5.3-2fixed

The information above is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
drupalsource(unstable)4.5.4-1high316362
drupalsourcesarge4.5.3-3highDSA-745-1
egroupwaresource(unstable)1.0.0.007-3.dfsg-1high317263
egroupwaresourcesarge1.0.0.007-2.dfsg-2sarge1highDSA-747-1
horde3source(unstable)(not affected)
php4source(unstable)4:4.3.10-16high316447
php4sourceetch4:4.3.10-16etch1DTSA-15-1
php4sourcesarge4:4.3.10-16highDSA-789-1
php4sourcewoody4:4.1.2-7.woody5highDSA-789-1
phpgroupwareunknown(unstable)0.9.16.006-1high
phpgroupwareunknownsarge0.9.16.005-3.sarge0highDSA-746-1
phpgroupwareunknownwoody(unfixed)highDSA-746-1
phpwikiunknown(unstable)1.3.7-4high316714
serendipitysource(unstable)1.0-1

Notes

- horde3 <not-affected> (horde3 ships different XMLRPC code)

Search for package or bug name: Reporting problems

Home - Testing Security Team - Debian Security - Source (SVN)