Bug 25931 - glpi new security issues fixed upstream in 9.4.3 and 9.4.4
Summary: glpi new security issues fixed upstream in 9.4.3 and 9.4.4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-12-23 18:54 CET by David Walser
Modified: 2020-01-28 08:54 CET (History)
4 users (show)

See Also:
Source RPM: glpi-9.4.2-1.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 9.4.4


Attachments

David Walser 2020-01-14 17:40:12 CET

Status comment: (none) => Fixed upstream in 9.4.4

Comment 1 David Walser 2020-01-18 20:32:01 CET
glpi-9.4.5-1.1.mga7 uploaded by Guillaume.  Thanks for the update.

Just a couple of notes though, this update should not have had a subrel, and when you do add one it should be immediately above the line that calls %mkrel (for consistency).
Comment 2 David Walser 2020-01-18 20:32:42 CET
Assigning to QA.  Advisory to come later.

CC: (none) => guillomovitch
Assignee: guillomovitch => qa-bugs

Comment 3 Herman Viaene 2020-01-20 15:50:01 CET
MGA7-64 Plasma on Lenovo B50
No installation issues.
Make sure httpd and mysqld are installed and running
Ref bug 21331 for procedure, so as described:
run mysql_secure_installation
comment out the line plugin-load-add=cracklib_password_check.so in /etc/my.cnf.d/cracklib_password_check.cnf 
then run the commands to create the glpi database
point firefox to to localhost/glpi which brings me to http://localhost/glpi/install/install.php and gives me the glpi starting screen where to select the language.
Going on gives a list of checks on dependencies, where the exif extension is given as not present.According https://glpi-install.readthedocs.io/en/latest/prerequisites.html  this is not essential, so going on completes the installation and allows to login to glpi. I did not proceed any further as in previous updates. So OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 4 Thomas Andrews 2020-01-22 19:00:40 CET
Validating.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Comment 6 Lewis Smith 2020-01-27 21:26:44 CET
I took the advisory SRPM from comment 1.

Keywords: (none) => advisory

Comment 7 Mageia Robot 2020-01-28 08:54:24 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0052.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.