Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 297709 - <www-apps/ampache-3.8.1: Multiple SQL Injection Vulnerabilities
Summary: <www-apps/ampache-3.8.1: Multiple SQL Injection Vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.securityfocus.com/bid/37417
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks: 366689
  Show dependency tree
 
Reported: 2009-12-20 22:29 UTC by Micheal Marineau (RETIRED)
Modified: 2016-01-18 08:57 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Micheal Marineau (RETIRED) gentoo-dev 2009-12-20 22:29:23 UTC 
Ampache 3.4.x has a major vulnerability which is fixed in 3.5.x. I have added 3.5.3 which will need to be stabilized.

Also, just fyi: 3.5.x prior to 3.5.3 has a minor vulnerability but was never added to the tree. The announcement is here: http://ampache.org/announce/3_5_3.php
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2013-01-01 22:12:00 UTC 
Seems this has fallen off the radar. ppc, sparc and x86 still need a fixed version, but I guess that can be combined with bug #366689
Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-08 17:13:10 UTC 
ampache bumped to 3.8.1.
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-10 21:00:27 UTC 
I'm already using this version on amd64, but since it is first addition since taking over as maintainer asking for separate stabilization for this as well.

Arches, please stabilize
=www-apps/ampache-3.8.1
Stable targets: amd64 ppc x86
Comment 4 Agostino Sarubbo gentoo-dev 2016-01-11 10:56:33 UTC 
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-01-17 17:28:17 UTC 
x86 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-01-17 17:29:35 UTC 
ppc is not interested to maintain the stable version and will pass.
Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-01-18 08:57:25 UTC 
Arches, thank you for your work. 

Cleanup done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c4c61ea25453b6ea88a4f44c8fd16403d0258124