Summary: | <www-apps/roundup-1.4.11: EditCVSAction() permission bypass (CVE-2009-2737) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=489355 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2009-08-14 22:31:24 UTC
Please remove versions <= 1.4.16. Investigation needed for 1.4.18 Upstream: http://issues.roundup-tracker.org/issue2550521 The method was rewritten in 1.4.8, 1.4.6 needs the (one-word) patch. GLSA vote: no. GLSA Vote: no too, closing. |