Bug 24599 - glpi new security issues fixed upstream in 9.4.1.1
Summary: glpi new security issues fixed upstream in 9.4.1.1
Status: RESOLVED WONTFIX
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-03-30 18:58 CET by David Walser
Modified: 2019-08-10 11:47 CEST

See Also:
Source RPM: glpi-9.1.6-2.2.mga6.src.rpm
CVE:
Status comment: Fixed upstream in 9.4.1.1


Description David Walser 2019-03-30 18:58:02 CET
Fedora has issued an advisory on March 29:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2VVTYWQABX6YTYBJ7TXMJRG24R4PJUKG/

The issues are fixed upstream in 9.4.1.1.
David Walser 2019-03-30 18:58:19 CET

Status comment: (none) => Fixed upstream in 9.4.1.1

Comment 1 Guillaume Rousse 2019-04-01 20:03:52 CEST
We have GLPI 9.1 in Mageia 6. Porting and testing the six different changes tagged as security issues in the changelog is quite a lot of work, especially as some of them are not precisely trivial. And shipping another major version as a security update, implying a database schema change, as well as shipping all other version-dependent plugins, is a no-go for me.

I'll try to get in touch with upstream developer to have some kind of risk assessment before investing any porting effort here. Unless we have a clear cost/benefit ratio here (or someone else volunteers to do the job, of course), that's quite likely to end as WONTFIX.

Status: NEW => ASSIGNED

Comment 2 Guillaume Rousse 2019-08-10 11:47:48 CEST
Closing as WONTFIX, as explained in comment #1

Status: ASSIGNED => RESOLVED
Resolution: (none) => WONTFIX

