Sicherheit: Cross-Site Scripting in glpi
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in glpi
ID: FEDORA-2019-169f1eec7c
Distribution: Fedora
Plattformen: Fedora 29
Datum: Di, 2. Juli 2019, 06:15
Referenzen: Keine Angabe
Applikationen: Gestion Libre de Parc Informatique


Fedora Update Notification
2019-07-02 02:30:39.056179

Name : glpi
Product : Fedora 29
Version : 9.3.4
Release : 2.fc29
URL : http://www.glpi-project.org/
Summary : Free IT asset management software
Description :
GLPI is the Information Resource-Manager with an additional Administration-
Interface. You can use it to build up a database with an inventory for your
company (computer, software, printers...). It has enhanced functions to make
the daily life for the administrators easier, like a job-tracking-system with
mail-notification and methods to build a database with basic information
about your network-topology.

Update Information:

Includes security fix backported from 9.4.3 * [security] Prevent execution of
XSS on rich text, * [security] Prevent xss attack on user picture,

* Fri Jun 21 2019 Remi Collet <remi@remirepo.net> - 9.3.4-2
- [security] Prevent execution of XSS on rich text
- [security] Prevent XSS attack on user picture
* Thu Apr 11 2019 Remi Collet <remi@remirepo.net> - 9.3.4-1
- update to 9.3.4
* Wed Mar 27 2019 Remi Collet <remi@remirepo.net> - 9.3.3-2
- add security fix backported from 9.4.1:
[security] Bad chevrons rendering on dropdowns
[security] Iframe and forms are rendered in rich text contents
[security] Type juggling authentication bypass
[security] Malicious images upload
[security] Password token date was not reset
[security] Prevent timed attack and enforce cookie security
- add dependency on exif extension
* Tue Nov 27 2018 Remi Collet <remi@remirepo.net> - 9.3.3-1
- update to 9.3.3
* Tue Nov 6 2018 Remi Collet <remi@remirepo.net> - 9.3.2-3
- add missing dependency on elvanto/litemoji
* Mon Nov 5 2018 Remi Collet <remi@remirepo.net> - 9.3.2-1
- update to 9.3.2
- version 9.3.2 conflicts with glpi-fusioninventory < 1:9.3+1.2
see https://github.com/glpi-project/glpi/issues/4837

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-169f1eec7c' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten