Bug 283434 - <app-office/tinyerp-server-5.0.6 Major security hole in Open ERP (TinyERP)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.openobject.com/forum/post4...
Whiteboard: B? [glsa]
Reported: 2009-09-01 16:25 UTC by Cédric Krier
Modified: 2014-12-12 01:00 UTC
Description Cédric Krier gentoo-dev 2009-09-01 16:25:04 UTC
According to the post on the forum, there is a major security hole in all previous versions of OpenERP (TinyERP) <= 5.0.3

Reproducible: Always
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-09-28 03:12:50 UTC
Alex p.masked this on Sept. 1st.

Cédric, have you abandoned this software? It seems it's heading out of the tree then.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2009-09-28 03:13:05 UTC
# Alex Legler <a3li@gentoo.org> (1 Sep 2009)
# Masked for security, has no maintainer. Bug 283434.
# Will be proposed for treecleaning if no one steps up in let's say two weeks.
app-office/tinyerp-client
app-office/tinyerp-server
Comment 3 Cédric Krier gentoo-dev 2009-09-28 06:20:32 UTC
(In reply to comment #1)
> Cédric, have you abandoned this software? It seems it's heading out of the
> tree then.

Yes. I'm working on a fork now (http://www.tryton.org/).

Comment 4 Cédric Krier gentoo-dev 2009-11-21 17:56:55 UTC
Ebuilds have been removed.
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2010-04-30 17:41:03 UTC
Security bug, reopening for mask glsa, etc.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-08-05 21:30:50 UTC
Added to 2010 SuperGLSA
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2014-12-12 01:00:50 UTC
Somehow this missed the 2010 SuperGLSA. However, since it has been fixed for 4+ years, it will not get a GLSA.