Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 273758

Summary: <www-apps/coppermine-1.4.23: SQL injection
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://forum.coppermine-gallery.net/index.php/topic,59551.0.html
Whiteboard: ~3/4 [noglsa]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-11 18:29:56 UTC 
A couple of SQLi vulnerabilities and a local file inclusion had been reported via http://www.milw0rm.com/exploits/8713. 

Upstream seem just to have acknowledged the SQLi's as per $URL.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-06-11 18:44:27 UTC 
+*coppermine-1.4.24 (11 Jun 2009)
+
+  11 Jun 2009; Alex Legler <a3li@gentoo.org> -coppermine-1.4.19.ebuild,
+  +coppermine-1.4.24.ebuild:
+  Non-Maintainer commit: Version bump to fix security bugs 261180, 258665,
+  268186 and 273758.
+