Branch sisyphus update bulletin.

Package glpi updated to version 0.84.8-alt1 for branch sisyphus in task 132751.

Published: 2015-04-14
Modified: 2024-11-21

CVE-2014-8360

Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.

Severity: HIGH (7.5)

References:

Package strongswan updated to version 5.2.1-alt1 for branch sisyphus in task 132771.

Published: 2015-01-07
Modified: 2024-11-21

CVE-2014-9221

strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025.

Severity: MEDIUM (5.0)

References:

Package gparted updated to version 0.20.0-alt1 for branch sisyphus in task 132752.

Published: 2014-12-19
Modified: 2024-11-21

CVE-2014-7208

GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.

Severity: HIGH (7.2)

References:

Package python-module-parted updated to version 3.10.0-alt1 for branch sisyphus in task 132752.

[FR] Обновить версию и собрать для python3

Version: 2.1.0

Branch sisyphus update on 2014-10-22

ALT-BU-2014-3064-1

ALT-PU-2014-2285-1

Closed vulnerabilities

CVE-2014-8360

ALT-PU-2014-2289-1

Closed vulnerabilities

CVE-2014-9221

ALT-PU-2014-2290-1

Closed vulnerabilities

CVE-2014-7208

ALT-PU-2014-2291-1

Closed bugs

Bug #30392