Bug 18245

Summary: glpi new security issue fixed upstream in 0.90.3
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/684747/
Whiteboard:
Source RPM: glpi-0.90.1-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2016-04-22 19:02:08 CEST 
Upstream has released version 0.90.3 on April 11:
http://www.glpi-project.org/spip.php?page=annonce&id_breve=358&lang=en

It fixes an SQL injection security issue:
https://github.com/glpi-project/glpi/issues/581

I don't know whether Mageia 5's version is affected.

Fedora has issued an advisory for this on April 21:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182895.html
Comment 1 David Walser 2016-04-24 18:57:29 CEST 
glpi-0.90.3-1.mga6 uploaded for Cauldron by Guillaume.

Marking as FIXED for now.  Feel free to re-open if you learn that the Mageia 5 version is affected.

Status: NEW => RESOLVED
Resolution: (none) => FIXED