
Bug 347287 (CVE-2010-4667)

Summary: <www-apps/coppermine-1.4.27: XSS vulnerability (CVE-2010-4667)
Product: Gentoo Security
Reporter: cilly <cilly>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: enhancement
CC: gentoo, glsamaker, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://forum.coppermine-gallery.net/index.php/topic,65023.0.html
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Attachments:
Description    Flags
ebuild for coppermine-1.4.27    none
Diff between ebuild of version 1.4.26 and 1.4.27.    none

Description cilly 2010-11-30 14:13:36 UTC
cpg1.4.27 Security release - upgrade mandatory!
+ 25 May 2010
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.4.26 or older update to this latest version as soon as possible.
Comment 1 cilly 2010-12-08 12:03:32 UTC
Created attachment 256630 [details]
ebuild for coppermine-1.4.27
Comment 2 cilly 2010-12-08 12:07:19 UTC
Created attachment 256631 [details, diff]
Diff between ebuild of version 1.4.26 and 1.4.27.
Comment 3 Peter Volkov (RETIRED) gentoo-dev 2011-06-08 13:09:28 UTC
*** Bug 325923 has been marked as a duplicate of this bug. ***
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-06-08 15:05:56 UTC
Thank you for the report, cilly.
Comment 5 Peter Volkov (RETIRED) gentoo-dev 2011-06-09 06:55:57 UTC
Thank you cilly. 1.4.27 was just added to the tree.

Cilly, Patrick, this package does not have a dedicated maintainer. If you wish to maintain this package, I can help you with review and committing changes to the tree. For this to work, please contact me by mail. Tnx.
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2011-06-09 07:10:57 UTC
Thank you, everyone. Closing NOGLSA for ~arch package.
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 21:24:53 UTC
*** Bug 372903 has been marked as a duplicate of this bug. ***
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 21:26:29 UTC
@web-apps, please remove vulnerable versions from the tree. Thank you.
Comment 9 Peter Volkov (RETIRED) gentoo-dev 2011-06-27 10:53:29 UTC
(In reply to comment #8)
> @web-apps, please remove vulnerable versions from the tree. Thank you.

Done.