Description

ReactionIS has discovered a vulnerability in Group-Office, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "sort" parameter to modules/calendar/json.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 4.0.89. Other versions may also be affected.

Solution

Update to version 4.0.90.
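One way to handle a client-supplied sort field like the "sort" parameter in this advisory, as an added example (not Group-Office's code and not the upstream fix in 4.0.90): the request value is used only as a lookup key into a fixed column map. The `cal_events` table, its columns, the `dir` parameter and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not Group-Office code. Table, columns and the "dir"
// parameter are hypothetical.

// Client-visible sort keys mapped to fixed SQL identifiers.
const SORT_COLUMNS = [
    'name'       => 'e.name',
    'start_time' => 'e.start_time',
    'end_time'   => 'e.end_time',
];

function buildOrderBy(?string $sort, ?string $dir, string $default = 'start_time'): string
{
    // Identifiers cannot be bound as prepared-statement parameters, so the
    // request value is only a lookup key and is never concatenated into SQL.
    $key = ($sort !== null && array_key_exists($sort, SORT_COLUMNS)) ? $sort : $default;
    $direction = (strtoupper((string) $dir) === 'DESC') ? 'DESC' : 'ASC';
    return 'ORDER BY ' . SORT_COLUMNS[$key] . ' ' . $direction;
}

function listEvents(PDO $db, int $calendarId, ?string $sort, ?string $dir): array
{
    // Values are bound; the ORDER BY clause is assembled from constants only.
    $sql = 'SELECT e.id, e.name, e.start_time FROM cal_events e '
         . 'WHERE e.calendar_id = :cal ' . buildOrderBy($sort, $dir);
    $stmt = $db->prepare($sql);
    $stmt->execute([':cal' => $calendarId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cal_events (id INTEGER PRIMARY KEY, calendar_id INT, '
        . 'name TEXT, start_time INT, end_time INT)');
$db->exec("INSERT INTO cal_events VALUES (1, 7, 'Review', 300, 360), "
        . "(2, 7, 'Audit', 100, 160), (3, 7, 'Patch window', 200, 260)");

// Allowlisted key and direction: honoured.
print_r(array_column(listEvents($db, 7, 'name', 'desc'), 'name'));
// Values outside the allowlist: ignored, default ordering applies.
print_r(array_column(listEvents($db, 7, 'start_time, id', 'sideways'), 'name'));
```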
I took the liberty to bump the package again. Straight copy worked in my local tests.
(In reply to comment #1)
> I took the liberty to bump the package again. Straight copy worked in my
> local tests.

Since this is a non-maintainer commit, we can wait a bit and go ahead. Thanks for bumping it.
Arches, please test and stable =www-apps/groupoffice-4.0.97, target arch amd64. Thanks!
amd64 stable
GLSA vote: no.
GLSA vote: no.

Closing as noglsa.