drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in glpi-data-injection
Name: |
Cross-Site Scripting in glpi-data-injection |
|
ID: |
FEDORA-2012-10661 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 17 |
|
Datum: |
Mo, 6. August 2012, 21:03 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Gestion Libre de Parc Informatique |
|
Originalnachricht |
Name : glpi-data-injection Product : Fedora 17 Version : 2.2.2 Release : 1.fc17 URL : https://forge.indepnet.net/projects/datainjection Summary : Plugin for importing data into GLPI Description : Plugin for importing data into GLPI
It'll can serve, for example, to : - import machines at the delivery (electronic delivery order in CSV) - import additional data - import equipment not managed by OCS - transmit from an other tool of asset management
------------------------------------------------------------------------------- - Update Information:
The official GLPI 0.83.3 version is now available from download
This version correct several minor bugs and a security bug. You are stongly encouraged to update your actual version.
Thanks to Prajal Kulkarni.
Upstream Changelog
Version 0.83.31
* Bug #3633: Check rights for massive actions for tickets (priority / status)
* Bug #3634: Problem adding contract using template
* Bug #3635: Wrong ticket template load when changing users with different entities
* Bug #3636: count active object in ticket form
* Bug #3656: Comment on reservation item list
* Bug #3666: Redirect give right error when default entity set to another entity than the redirected item one
* Bug #3667: Unable to set password when creating users with limited rights
* Bug #3668: Ticket template and itemtype predefined problem
* Bug #3670: Check mandatory description when predefined
* Bug #3678: Problem on document_item entity information
* Bug #3680: No refresh after group creation from item form detail
* Bug #3681: Ticket notification : don't show auto close warning when autoclose = 0
* Bug #3682: Masive action lost : move network port
* Bug #3683: Display Ticket Tab
* Bug #3685: Missing in not imported email list
* Bug #3686: Broken software dictionnary
* Bug #3687: Software dictionnary results not apply during OCS import
* Bug #3689: Duplicate entry in KB
* Bug #3691: Import computer rule broken for "name is empty"
* Bug #3693: Bug on recompute soft category
* Bug #3696: Ticket template input slashes on error
* Bug #3697: mailcollector conflict with ticket rule assign user.
* Bug #3701: Reminder list show public notes when not allowed to
* Bug #3704: CSRF prevention step 1
* Bug #3705: Security XSS for few items
* Bug #3707: CSRF prevention step 2
* Bug #3714: Templates and direct connections
* Bug #3715: Add element with a template have direct connection
* Bug #3731: CheckAlreadyPlanned for plugins
* Bug #3732: Link on checkAlreadyPlanned for ITIL tasks
* Feature #3642: Make location a user pref
* Feature #3650: Statut par défaut d'une tâche
* Feature #3684: Send satisfaction survey immediatly if delay is 0
Version 0.83.4:
* Bug #3768: Email followups Configuration
* Bug #3784: Predefined values must only be applied on ticket creation
* Bug #3786: Mail collector do not update last_updater when creating followup
* Bug #3790: Footer problem on stats display
* Bug #3791: Php-error on user creation
* Bug #3793: Missing massive action field for user (Administrative number)
* Bug #3794: Ticket template deletion troubles
* Bug #3795: Do not show deleted tickets on central view of new tickets
* Bug #3799: In notes (reminder) missing GROUP BY glpi_reminders.id in search list
* Bug #3800: HTTP_REFERER checks when behind a proxy
* Bug #3801: Ticket search troubles
This update include latest version of MassOcsImport, DataInjection and PDF plugins for compatibility with the security fix. ------------------------------------------------------------------------------- - ChangeLog:
* Thu Jul 12 2012 Remi Collet <Fedora@FamilleCollet.com> - 2.2.2-1 - version 2.2.2 for GLPI 0.83.3 https://forge.indepnet.net/projects/datainjection/versions/782 https://forge.indepnet.net/projects/datainjection/versions/748 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update glpi-data-injection' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|