Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 54030 - app-admin/usermin HTML Email Script Code Execution Vulnerability
Summary: app-admin/usermin HTML Email Script Code Execution Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/10521
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-15 14:51 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2011-10-30 22:37 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-15 14:51:32 UTC 
Please bump, new version is available.
Comment 1 Jeremy Huddleston (RETIRED) gentoo-dev 2004-06-15 15:49:05 UTC 
committed.  stable on x86 and sparc.  Just added ~amd64, so no need for that to be stable.  alpha should mark it stable, and we need ppc to mark it stable before GLSA
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-16 06:43:36 UTC 
GLSA drafted: security please review.

ppc and alpha please mark stable.

Please remove old unneeded versions from portage.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2004-06-16 09:15:53 UTC 
Note that according to :

http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html

usermin is also vulnerable to one of the vulnerabilities in webmin (200406-12) : account lock.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-06-16 10:45:21 UTC 
Thx. Information added to the GLSA.
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2004-06-16 15:14:56 UTC 
Stable on alpha.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2004-06-18 08:40:26 UTC 
Just realised ppc marked stable 2 days ago :)
Ready for GLSA publication.
Comment 7 Thierry Carrez (RETIRED) gentoo-dev 2004-06-18 11:33:05 UTC 
GLSA 200406-15