Date: Mon, 29 Apr 2024 10:42:56 GMT From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: fc8db0625d90 - main - security/vuxml: CVEs affecting www/glpi < 10.0.15 Message-ID: <202404291042.43TAguLq088002@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=fc8db0625d9084fe6207904c4f91b48d986994ca commit fc8db0625d9084fe6207904c4f91b48d986994ca Author: Mathias Monnerville <mathias@monnerville.com> AuthorDate: 2024-04-28 19:51:00 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2024-04-29 10:39:04 +0000 security/vuxml: CVEs affecting www/glpi < 10.0.15 CVE-2024-31456 and CVE-2024-29889 were fixed in GLPI 10.0.15. PR: 278641 PR: 278642 --- security/vuxml/vuln/2024.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index d25c4b90e530..3b5800d55335 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,34 @@ + <vuln vid="5da8b1e6-0591-11ef-9e00-080027957747"> + <topic>GLPI -- multiple vulnerabilities</topic> + <affects> + <package> + <name>glpi</name> + <range><lt>10.0.15,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>GLPI team reports:</p> + <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.15">; + <p>GLPI 10.0.15 Changelog</p> + <ul> + <li>[SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)</li> + <li>[SECURITY - high] Account takeover via SQL Injection in saved searches feature (CVE-2024-29889)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2024-31456</cvename> + <cvename>CVE-2024-29889</cvename> + <url>https://github.com/glpi-project/glpi/releases/tag/10.0.15</url>; + </references> + <dates> + <discovery>2024-04-03</discovery> + <entry>2024-04-28</entry> + </dates> + </vuln> + <vuln vid="b3affee8-04d1-11ef-8928-901b0ef714d4"> <topic>py-social-auth-app-django -- Improper Handling of Case Sensitivity</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202404291042.43TAguLq088002>