Branch sisyphus update bulletin.

Package glpi updated to version 0.85.1-alt1 for branch sisyphus in task 138266.

Published: 2014-12-19
Modified: 2024-11-21

CVE-2014-9258

SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.

Severity: MEDIUM (6.5)

References:

http://advisories.mageia.org/MGASA-2015-0017.html
http://advisories.mageia.org/MGASA-2015-0017.html
FEDORA-2014-17520
FEDORA-2014-17520
FEDORA-2014-17497
FEDORA-2014-17497
FEDORA-2014-17508
FEDORA-2014-17508
115957
115957
61367
61367
http://security.szurek.pl/glpi-085-blind-sql-injection.html
http://security.szurek.pl/glpi-085-blind-sql-injection.html
35528
35528
http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en
http://www.glpi-project.org/spip.php?page=annonce&id_breve=334&lang=en
MDVSA-2015:167
MDVSA-2015:167

Package pear-XML_Util updated to version 1.2.3-alt1 for branch sisyphus in task 138311.

pear-XML_Util нуждается в обновлении

Version: 2.1.0

Branch sisyphus update on 2015-01-11

ALT-BU-2015-2225-1

ALT-PU-2015-1019-1

Closed vulnerabilities

CVE-2014-9258

ALT-PU-2015-1020-1

Closed bugs

Bug #30632