Gentoo Bug 54030 - app-admin/usermin HTML Email Script Code Execution Vulnerability

First Last Prev Next No search results available Search page Enter new bug

Bug#:	54030
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 54030 depends on:			Show dependency tree
Bug 54030 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-06-15 14:51 0000

Please bump, new version is available.

------- Comment #1 From Jeremy Huddleston (RETIRED) 2004-06-15 15:49:05 0000 -------

committed.  stable on x86 and sparc.  Just added ~amd64, so no need for that to
be stable.  alpha should mark it stable, and we need ppc to mark it stable
before GLSA

------- Comment #2 From Sune Kloppenborg Jeppesen 2004-06-16 06:43:36 0000 -------

GLSA drafted: security please review.

ppc and alpha please mark stable.

Please remove old unneeded versions from portage.

------- Comment #3 From Thierry Carrez (RETIRED) 2004-06-16 09:15:53 0000 -------

Note that according to :

http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html

usermin is also vulnerable to one of the vulnerabilities in webmin (200406-12) : account lock.

------- Comment #4 From Sune Kloppenborg Jeppesen 2004-06-16 10:45:21 0000 -------

Thx. Information added to the GLSA.

------- Comment #5 From Bryan Østergaard (RETIRED) 2004-06-16 15:14:56 0000 -------

Stable on alpha.

------- Comment #6 From Thierry Carrez (RETIRED) 2004-06-18 08:40:26 0000 -------

Just realised ppc marked stable 2 days ago :)
Ready for GLSA publication.

------- Comment #7 From Thierry Carrez (RETIRED) 2004-06-18 11:33:05 0000 -------

GLSA 200406-15

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 54030

app-admin/usermin HTML Email Script Code Execution Vulnerability

Last modified: 2004-06-18 11:33:05 0000