Fedora has issued advisories on July 1 and October 3: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ROTE7BNJCTAVIL4RSFUQYYYRBB3WWD54/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KGVXGT2LJGLCEMEGGOOWT26ERXONTM2J/ These are updates to 9.4.3 and 9.4.4, which fix security issues: https://github.com/glpi-project/glpi/releases/tag/9.4.3 https://github.com/glpi-project/glpi/releases/tag/9.4.4 9.4.5, not yet in Cauldron, is just a bugfix release: https://github.com/glpi-project/glpi/releases/tag/9.4.5
Status comment: (none) => Fixed upstream in 9.4.4
glpi-9.4.5-1.1.mga7 uploaded by Guillaume. Thanks for the update. Just a couple of notes though, this update should not have had a subrel, and when you do add one it should be immediately above the line that calls %mkrel (for consistency).
Assigning to QA. Advisory to come later.
CC: (none) => guillomovitchAssignee: guillomovitch => qa-bugs
MGA7-64 Plasma on Lenovo B50 No installation issues. Make sure httpd and mysqld are installed and running Ref bug 21331 for procedure, so as described: run mysql_secure_installation comment out the line plugin-load-add=cracklib_password_check.so in /etc/my.cnf.d/cracklib_password_check.cnf then run the commands to create the glpi database point firefox to to localhost/glpi which brings me to http://localhost/glpi/install/install.php and gives me the glpi starting screen where to select the language. Going on gives a list of checks on dependencies, where the exif extension is given as not present.According https://glpi-install.readthedocs.io/en/latest/prerequisites.html this is not essential, so going on completes the installation and allows to login to glpi. I did not proceed any further as in previous updates. So OK for me.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA7-64-OK
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Advisory: ======================== Updated glpi packages fix security vulnerabilities: The glpi package has been updated to version 9.4.5, fixing several bugs and security issues. See the upstream announcements for details. References: https://github.com/glpi-project/glpi/releases/tag/9.4.3 https://github.com/glpi-project/glpi/releases/tag/9.4.4 https://github.com/glpi-project/glpi/releases/tag/9.4.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ROTE7BNJCTAVIL4RSFUQYYYRBB3WWD54/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/KGVXGT2LJGLCEMEGGOOWT26ERXONTM2J/
I took the advisory SRPM from comment 1.
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0052.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED