Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 943296 - <www-apps/piwigo-15.1.0: SQL injection in admin interface
Summary: <www-apps/piwigo-15.1.0: SQL injection in admin interface
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2024-11-11 21:02 UTC by Alexander Bezrukov
Modified: 2024-11-12 18:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bezrukov 2024-11-11 21:02:03 UTC 
SQL injection in user manager has been fixed in piwigo-15.1.0

To update it is enough to rename the ebuild.
Comment 1 Bernard Cafarelli gentoo-dev 2024-11-12 17:01:00 UTC 
Good thing I added 15.1.0 in tree earlier today
Reading the issue it seems to have been found in as early as 12.2.0 so I will clean all but latest ebuilds in tree
Comment 2 Larry the Git Cow gentoo-dev 2024-11-12 18:00:53 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6c24365f2941380184de9647d925fde30222719d

commit 6c24365f2941380184de9647d925fde30222719d
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2024-11-12 17:01:13 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2024-11-12 18:00:50 +0000

    www-apps/piwigo: drop 14.5.0, 15.0.0
    
    Bug: https://bugs.gentoo.org/943296
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 www-apps/piwigo/Manifest             |  2 --
 www-apps/piwigo/piwigo-14.5.0.ebuild | 42 ------------------------------------
 www-apps/piwigo/piwigo-15.0.0.ebuild | 42 ------------------------------------
 3 files changed, 86 deletions(-)
Comment 3 Hans de Graaff gentoo-dev Security 2024-11-12 18:39:59 UTC 
Thanks for the quick action.