Summary: | www-apps/egroupware < 1.4.002 "cat_data[color]" Cross-Site Scripting (CVE-2007-5091) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Pierre-Yves Rofes (RETIRED) <py> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/26944/ | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Pierre-Yves Rofes (RETIRED)
2007-09-27 09:02:01 UTC
web-apps please advise. This is CVE-2007-5091. Version 1.4.002 is in the tree and should be marked stable on the following arches: alpha amd64 hppa ppc x86 (In reply to comment #3) > Version 1.4.002 is in the tree and should be marked stable on the following > arches: > > alpha amd64 hppa ppc x86 > Thanks gunnar. oops, seems some arches weren't added. Er, so that's =www-apps/egroupware-1.4.002 then. Stable for HPPA. x86 stable ppc stable alpha stable www-apps/egroupware-1.4.002 USE="gd mysql vhosts -jpgraph -ldap -postgres" - Emerges on AMD64. - I didn't have resources to test all the functionality. Although the setup wizard ran well. amd64 stable, thanks mixnix time for glsa decision. I vote NO. Removed insecure version. webapps done here. XSS, I vote no. closing without glsa. |