From the third-party advisory at $URL: <!------------------------------------------------------------------------ # Software................GroupOffice 3.6.22 # Vulnerability...........Cross-site Request Forgery # Threat Level............Low (1/5) # Download................http://www.group-office.com/ # Discovery Date..........3/10/2011 # Tested On...............Windows Vista + XAMPP # ------------------------------------------------------------------------ # Author..................AutoSec Tools # Site....................http://www.autosectools.com/ # Email...................John Leitch <john@autosectools.com> # ------------------------------------------------------------------------ # # # --Description-- # # A cross-site request forgery vulnerability in GroupOffice 3.6.22 can # be exploited to create a new admin. #
I've committed groupoffice-3.7.52, which fixes this issue and includes other security related fixes according to their Changelog. Please proceed.
(In reply to comment #1) > I've committed groupoffice-3.7.52, which fixes this issue and includes other > security related fixes according to their Changelog. > Thank you. Arches, please test and mark stable: =www-apps/groupoffice-3.7.52 Target keywords : "alpha amd64"
amd64 stable
alpha keywords dropped
Thanks, folks. Resolving noglsa.