347287 – (CVE-2010-4667) <www-apps/coppermine-1.4.27: XSS vulnerability (CVE-2010-4667)

Bug 347287 (CVE-2010-4667) - <www-apps/coppermine-1.4.27: XSS vulnerability (CVE-2010-4667)

Summary: <www-apps/coppermine-1.4.27: XSS vulnerability (CVE-2010-4667)

Status:	RESOLVED FIXED

Alias:	CVE-2010-4667

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Gentoo Security

URL:	http://forum.coppermine-gallery.net/i...
Whiteboard:	~4 [noglsa]
Keywords:

Duplicates (2):	325923 372903 (view as bug list)
Depends on:
Blocks:

Reported:	2010-11-30 14:13 UTC by cilly
Modified:	2011-06-27 10:53 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
ebuild for coppermine-1.4.27 (coppermine-1.4.27.ebuild,1.10 KB, text/plain) 2010-12-08 12:03 UTC, cilly	no flags	Details
Diff between ebuild of version 1.4.26 and 1.4.27. (coppermine1426-1427.diff,602 bytes, patch) 2010-12-08 12:07 UTC, cilly	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description cilly 2010-11-30 14:13:36 UTC

cpg1.4.27 Security release - upgrade mandatory!
+ 25 May 2010
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.26 or older update to this latest version as soon as possible.

Comment 1 cilly 2010-12-08 12:03:32 UTC

Created attachment 256630 [details]
ebuild for coppermine-1.4.27

Comment 2 cilly 2010-12-08 12:07:19 UTC

Created attachment 256631 [details, diff]
Diff between ebuild of version 1.4.26 and 1.4.27.

Comment 3 Peter Volkov (RETIRED) gentoo-dev

2011-06-08 13:09:28 UTC

*** Bug 325923 has been marked as a duplicate of this bug. ***

Comment 4 Tim Sammut (RETIRED) gentoo-dev

2011-06-08 15:05:56 UTC

Thank you for the report, cilly.

Comment 5 Peter Volkov (RETIRED) gentoo-dev

2011-06-09 06:55:57 UTC

Thank you cilly. 1.4.27 was just added to the tree.

Cilly, Patrick this package does not have dedicated maintainer. If you wish to maintain this package, I can help you with review and commiting changes to the tree. For this to work, please, contact me by mail. Tnx.

Comment 6 Tim Sammut (RETIRED) gentoo-dev

2011-06-09 07:10:57 UTC

Thank you, everyone. Closing NOGLSA for ~arch package.

Comment 7 Tim Sammut (RETIRED) gentoo-dev

2011-06-26 21:24:53 UTC

*** Bug 372903 has been marked as a duplicate of this bug. ***

Comment 8 Tim Sammut (RETIRED) gentoo-dev

2011-06-26 21:26:29 UTC

@web-apps, please remove vulnerable versions from the tree. Thank you.

Comment 9 Peter Volkov (RETIRED) gentoo-dev

2011-06-27 10:53:29 UTC

(In reply to comment #8)
> @web-apps, please remove vulnerable versions from the tree. Thank you.

Done.