Pay attention...likely to affect people here and possibly ma
2 posts
• Page 1 of 1
Pay attention...likely to affect people here and possibly ma
by jiml8 » May 29th, '22, 03:07
- jiml8
- Posts: 1254
- Joined: Jul 7th, '13, 18:09
Re: Pay attention...likely to affect people here and possibl
by sturmvogel » May 29th, '22, 07:19
To add some more content. "ctx" and "phpass" are not shipped with Mageia. Sideloading/downloading of additional librarys (deps) whilst build process is not possible on Mageia build clusters. So it is highly unlikely that any Mageia package is affected.
This warning is relevant for users which downloaded "ctx" and "phpass" from the relevant developers site and are using them on their own system. Even if (according to the linked arcticle) the usage of this packages is high, there is no single distribution out there which officially ships these packages. Centos7 is the only distribution version which ships php-phpass-0.3-5
https://pkgs.org/search/?q=phpass
https://pkgs.org/search/?q=ctx
The report at python-security for ctx (user which installed ctx between May 14, 2022 and May 24, 2022 are affected only):
https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html
This warning is relevant for users which downloaded "ctx" and "phpass" from the relevant developers site and are using them on their own system. Even if (according to the linked arcticle) the usage of this packages is high, there is no single distribution out there which officially ships these packages. Centos7 is the only distribution version which ships php-phpass-0.3-5
https://pkgs.org/search/?q=phpass
https://pkgs.org/search/?q=ctx
The report at python-security for ctx (user which installed ctx between May 14, 2022 and May 24, 2022 are affected only):
https://python-security.readthedocs.io/pypi-vuln/index-2022-05-24-ctx-domain-takeover.html
- sturmvogel
- Posts: 744
- Joined: Jul 30th, '12, 00:39
2 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest