
Bug 308059 (CVE-2010-0438)

Summary: <www-apps/otrs-3.0.10: Multiple SQL injection vulnerabilities (CVE-2010-0438)
Product: Gentoo Security
Reporter: Stefan Behte (RETIRED) <craig>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: andreis.vinogradovs, jesse, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.otrs.org/news/2010/otrs_2-4-7/
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 337755    
Bug Blocks:    
Attachments:
Description Flags
otrs-2.4.7.ebuild none

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:47:13 UTC
CVE-2010-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0438):
  Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in
  OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9,
  2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow
  remote authenticated users to execute arbitrary SQL commands via
  unspecified vectors.
Comment 1 Andreis Vinogradovs ( slepnoga ) 2010-03-19 14:18:30 UTC
In overlay rion, affected versions removed.
Available: 2.4.7
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-19 22:28:15 UTC
webapps, please bump
Comment 3 Andreis Vinogradovs ( slepnoga ) 2010-03-20 14:40:14 UTC
Created attachment 224391
otrs-2.4.7.ebuild
Comment 4 Andreis Vinogradovs ( slepnoga ) 2010-09-19 08:25:05 UTC
Comment on attachment 224391
otrs-2.4.7.ebuild

Affected version, see #337755
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 15:32:26 UTC
Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.