# Joomla 1.5 and security issues?

## bjorntj

Just wondering why Joomla 1.5.3 is masked or which security issues this is?

regards,

BTJ

----------

## baaann

I would be interested in the answer to this as well

----------

## Carlo

 :Arrow:  grep joomla -nC 3 /usr/portage/profiles/package.mask

----------

## bjorntj

Not sure what you mean by this info.... That info was what made me make this thread in the first place, because it didn't say anything about which security issue this was.....

BTJ

----------

## Carlo

Um, wonder what's so hard to grok.You're pointed to bug 211166, which reads

 *Quote:*   

> This is just a tracker for all those web-apps we masked due to constant
> 
> security issues.

 

so these packages are provided, but won't be supported for above mentioned reason. When you're interested in the history of vulnerabilities, have a look at the CVE db or so.

----------

## bjorntj

My problem is that I don't know what security issues these are, since none of this is mentioned on the Joomla site....

(Do the gentoo people/developers know something that the Joomla developers don't?)

BTJ

----------

## baaann

 *Quote:*   

> have a look at the CVE db

 

Thanks Carlo I wasn't aware of the db, but a quick google found it  :Smile: 

@bjorntj

Just enter joomla into this page and it yields 233 matches

http://nvd.nist.gov/nvd.cfm?advancedsearch

----------

## bjorntj

Yes, but as far as I can see, this isn't a problem with core Joomla but all the third party extensions...?

BTJ

----------

## Carlo

Of course the list also includes CVE's for third party extensions. What you're missing is that there is not necessarily an open issue for any of these masked packages. There have been more than enough vulnerabilities, that the maintainers decided not to care about it anymore, so they masked the packages. It's a matter of maintenance cost and also a clear sign towards the user base, to be very careful, if you want to use such a package. When you want to use Joomla you should monitor at least the Joomla mailing lists and maybe the one or the other security mailing list yourself. No one is serving you the information on a plate.

----------

## bjorntj

Ok but that explains my question... Thx...  :Smile: 

BTJ

----------

