Bug 808192 - <www-apps/postfixadmin-3.3.10 - multiple vulnerabilities
Summary: <www-apps/postfixadmin-3.3.10 - multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-08-14 12:49 UTC by Tomáš Mózes
Modified: 2021-08-17 15:45 UTC

See Also:
Package list:
www-apps/postfixadmin-3.3.10
Runtime testing required: ---
nattka: sanity-check+


Description Tomáš Mózes 2021-08-14 12:49:26 UTC
# 3.3.10
Security fix - ClickJacking protection (thanks @huntr-helper / @ranjit-git) (see #523)
Security fix (low risk) - Improve randomness with PFA_token for CSRF protection (thanks @michaellrowley)
Comment 1 Tomáš Mózes 2021-08-14 12:50:48 UTC
Please stabilize 3.3.10. It fixes a security issue and 3.3.9 was broken for me anyways, loading /list.php?table=domain failed (probably due to https://github.com/postfixadmin/postfixadmin/pull/493).
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-14 15:37:11 UTC
Thank you for reporting!
Comment 3 Agostino Sarubbo gentoo-dev 2021-08-16 05:15:10 UTC
ALLARCHES stable.
Comment 4 Larry the Git Cow gentoo-dev 2021-08-16 05:20:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=719313a38bf1ec7c1948a444407a8778016ae7cc

commit 719313a38bf1ec7c1948a444407a8778016ae7cc
Author:     Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2021-08-16 05:20:12 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2021-08-16 05:20:24 +0000

    www-apps/postfixadmin: removed obsolete and vulnerable 3.3.9-r2
    
    Bug: https://bugs.gentoo.org/808192
    Package-Manager: Portage-3.0.20, Repoman-3.0.3
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 www-apps/postfixadmin/Manifest                     |   1 -
 www-apps/postfixadmin/postfixadmin-3.3.9-r2.ebuild | 105 ---------------------
 2 files changed, 106 deletions(-)
Comment 5 Miroslav Šulc gentoo-dev 2021-08-16 05:20:52 UTC
the tree is clean now, you can proceed.
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-17 15:45:50 UTC
These are primarily hardening issues, so no GLSA, all done! Thanks all.