Bug 18245 - glpi new security issue fixed upstream in 0.90.3
Summary: glpi new security issue fixed upstream in 0.90.3
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/684747/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-22 19:02 CEST by David Walser
Modified: 2016-04-24 18:57 CEST (History)
0 users

See Also:
Source RPM: glpi-0.90.1-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-04-22 19:02:08 CEST 
Upstream has released version 0.90.3 on April 11:
http://www.glpi-project.org/spip.php?page=annonce&id_breve=358&lang=en

It fixes an SQL injection security issue:
https://github.com/glpi-project/glpi/issues/581

I don't know whether Mageia 5's version is affected.

Fedora has issued an advisory for this on April 21:
https://lists.fedoraproject.org/pipermail/package-announce/2016-April/182895.html
Comment 1 David Walser 2016-04-24 18:57:29 CEST 
glpi-0.90.3-1.mga6 uploaded for Cauldron by Guillaume.

Marking as FIXED for now.  Feel free to re-open if you learn that the Mageia 5 version is affected.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.