Bug 13789 - glpi new security issue CVE-2014-5032
Summary: glpi new security issue CVE-2014-5032
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/629242/
Depends on: 14933
  Show dependency treegraph
Reported: 2014-07-23 00:44 CEST by David Walser
Modified: 2015-01-12 19:18 CET (History)
1 user (show)

See Also:
Source RPM: glpi-0.84.6-1.mga5.src.rpm
Status comment:


Description David Walser 2014-07-23 00:44:50 CEST
A CVE has been assigned for a security issue fixed in GLPI 0.84.7:

The upstream bug, upstream commit to fix the issue, and release announcement for GLPI 0.84.7 are all linked in the message above.


Steps to Reproduce:
David Walser 2014-07-23 00:44:58 CEST

Whiteboard: (none) => MGA4TOO, MGA3TOO

Comment 1 Oden Eriksson 2014-07-31 12:57:36 CEST

CC: (none) => oe

Comment 2 David Walser 2014-07-31 14:05:59 CEST
(In reply to Oden Eriksson from comment #1)
> https://bugzilla.redhat.com/show_bug.cgi?id=1122067#c2

So we have 0.84.x in Mageia 3 and up, so they are all affected.
Comment 3 Oden Eriksson 2014-07-31 15:20:11 CEST
mga3 has glpi-0.83.91-1.1.mga3
Comment 4 Guillaume Rousse 2014-07-31 15:30:18 CEST
That's just a minor information leak, for a very specific information category, that would only affect people with fine grained access control. Not worth an update for me.
Comment 5 David Walser 2014-07-31 15:56:28 CEST
(In reply to Oden Eriksson from comment #3)
> mga3 has glpi-0.83.91-1.1.mga3

Oops, I forgot my laptop is running mga4 for a minute there :o)

Whiteboard: MGA4TOO, MGA3TOO => MGA4TOO

Comment 6 David Walser 2014-07-31 16:00:53 CEST
Fixed in Cauldron in glpi-0.84.7-1.mga5 by Oden.

Version: Cauldron => 4
Whiteboard: MGA4TOO => (none)

David Walser 2015-01-02 19:45:41 CET

Depends on: (none) => 14933

Comment 7 David Walser 2015-01-09 17:57:30 CET
Fixed in http://advisories.mageia.org/MGASA-2015-0017.html

Resolution: (none) => FIXED

David Walser 2015-01-12 19:18:03 CET

URL: (none) => http://lwn.net/Vulnerabilities/629242/

Note You need to log in before you can comment on or make changes to this bug.