Bug 54030

Summary:	app-admin/usermin HTML Email Script Code Execution Vulnerability
Product:	Gentoo Security	Reporter:	Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	eradicator, ppc
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://www.securityfocus.com/bid/10521
Whiteboard:	B3 [glsa]
Package list:		Runtime testing required:	---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-15 14:51:32 UTC

Please bump, new version is available.

Comment 1 Jeremy Huddleston (RETIRED) gentoo-dev

2004-06-15 15:49:05 UTC

committed.  stable on x86 and sparc.  Just added ~amd64, so no need for that to be stable.  alpha should mark it stable, and we need ppc to mark it stable before GLSA

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-16 06:43:36 UTC

GLSA drafted: security please review.

ppc and alpha please mark stable.

Please remove old unneeded versions from portage.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2004-06-16 09:15:53 UTC

Note that according to :

http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html

usermin is also vulnerable to one of the vulnerabilities in webmin (200406-12) : account lock.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2004-06-16 10:45:21 UTC

Thx. Information added to the GLSA.

Comment 5 Bryan Østergaard (RETIRED) gentoo-dev

2004-06-16 15:14:56 UTC

Stable on alpha.

Comment 6 Thierry Carrez (RETIRED) gentoo-dev

2004-06-18 08:40:26 UTC

Just realised ppc marked stable 2 days ago :)
Ready for GLSA publication.

Comment 7 Thierry Carrez (RETIRED) gentoo-dev

2004-06-18 11:33:05 UTC

GLSA 200406-15