305505 – <www-apps/coppermine-1.4.26 XSS

Bug 305505 - <www-apps/coppermine-1.4.26 XSS

Summary: <www-apps/coppermine-1.4.26 XSS

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial
Assignee:	Gentoo Security

URL:	http://forum.coppermine-gallery.net/i...
Whiteboard:	~4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-02-17 10:29 UTC by cilly
Modified:	2010-03-10 10:15 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
coppermine-1.4.26.ebuild (coppermine-1.4.26.ebuild,1.15 KB, text/plain) 2010-02-17 10:30 UTC, cilly	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description cilly 2010-02-17 10:29:23 UTC

"The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.25 or older update to this latest version as soon as possible."

Comment 1 cilly 2010-02-17 10:30:45 UTC

Created attachment 219973 [details]
coppermine-1.4.26.ebuild

Comment 2 cilly 2010-02-17 10:31:44 UTC

Hint: just rename ebuild to match correct version

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2010-02-18 19:03:45 UTC

web-apps, please bump.

Comment 4 Alex Legler (RETIRED) archtester

2010-03-10 10:15:41 UTC

+*coppermine-1.4.26 (10 Mar 2010)
+
+  10 Mar 2010; Alex Legler <a3li@gentoo.org> -coppermine-1.4.24.ebuild,
+  +coppermine-1.4.26.ebuild:
+  Non-maintainer commit: Version bump for security bug 305505. Also fixing
+  docs installation
+

Issue seems to be XSS. Rerated ~4. Closing noglsa.