Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 321917

Summary: <www-apps/joomla-1.5.18 : XSS Vulnerabilities in Back End
Product: Gentoo Security Reporter: Olivier Huber <oli.huber>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: fauli, moixa
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Attachments:
Description Flags
ebuild patch none

Description Olivier Huber 2010-05-28 21:45:54 UTC 
Description :
Back-end user can inject javascript in various administrator screens.

source : http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html

Joomla 1.5.18 works fine on my websites.

Christian : can you please bump joomla in the tree, thank you.
Comment 1 Olivier Huber 2010-05-28 21:47:34 UTC 
Created attachment 233327 [details, diff]
ebuild patch
Comment 2 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-02 09:16:37 UTC 
I am still not operational...security team, please.
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-03 08:59:18 UTC 
1.5.18 works great, bump from Olivier is straight-forward and ok
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-03 12:48:33 UTC 
Thanks, committed. ~arch only → [noglsa].