| Summary: | www-apps/otrs Cross-Site Scripting and Cross-Site Request Forgery (CVE-2007-2524) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Lars Hartmann <lars> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | gentoo, infowolfe, mail, rl03, tom, voha2, web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://secunia.com/advisories/25205/ | | |
| Whiteboard: | ~4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Lars Hartmann
2007-05-08 13:53:39 UTC
maintainers - please provide a fix

Does anybody know of a backported patch for 2.0.4/2.1.7? As 2.1.7 is currently facing some heavy changes (bug#172305) it would be nice having this patch available for 2.0.4 and being able to include it in 2.1.7 as soon as I've finished the rewrite of this ebuild. Regards, Elias P.

I looked at their bugzilla and it seems that they are still working on a patch for 2.0.4

They released a fix: http://users.otrs.com/~me/otrs-2.0.4-OSA-2007-01-patch.diff

maintainers - please provide an updated ebuild

maintainers - please advise

maintainers - please advise and patch as necessary

maintainers - please advise

*** Bug 183562 has been marked as a duplicate of this bug. ***

*** Bug 172305 has been marked as a duplicate of this bug. ***

Since OTRS 2.0.5 (released 05-29-2007) fixes this, can we perhaps change this to a version bump?

maintainers - please advise and bump as necessary

I finally resolved all problems that kept me from closing bug#172305. Expect updated ebuilds for OTRS during the next days. Regards, Elias P.

There's 2.1.5 in the tree, does it fix this issue? web-apps, please advise.

I added otrs-2.2.2 to the tree now and removed the older, insecure ebuilds. I currently did not remove the mask since I'd like some feedback whether the ebuild really installs fine. The post install instructions are somewhat more complex but I had no problem installing it. If I could get one confirmation of this I'd remove the mask.

Thanks Gunnar. In any case, I think we can close this one without glsa. Feel free to reopen if you disagree.