A CVE has been assigned for a security issue fixed in GLPI 0.84.7: http://openwall.com/lists/oss-security/2014/07/22/15 The upstream bug, upstream commit to fix the issue, and release announcement for GLPI 0.84.7 are all linked in the message above. Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA4TOO, MGA3TOO
https://bugzilla.redhat.com/show_bug.cgi?id=1122067#c2
CC: (none) => oe
(In reply to Oden Eriksson from comment #1) > https://bugzilla.redhat.com/show_bug.cgi?id=1122067#c2 So we have 0.84.x in Mageia 3 and up, so they are all affected.
mga3 has glpi-0.83.91-1.1.mga3
That's just a minor information leak, for a very specific information category, that would only affect people with fine grained access control. Not worth an update for me.
(In reply to Oden Eriksson from comment #3) > mga3 has glpi-0.83.91-1.1.mga3 Oops, I forgot my laptop is running mga4 for a minute there :o)
Whiteboard: MGA4TOO, MGA3TOO => MGA4TOO
Fixed in Cauldron in glpi-0.84.7-1.mga5 by Oden.
Version: Cauldron => 4Whiteboard: MGA4TOO => (none)
Depends on: (none) => 14933
Fixed in http://advisories.mageia.org/MGASA-2015-0017.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/629242/