| Summary: | <www-apps/joomla-3.4.3: Multiple vulnerabilities (CVE-2015-5397) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Dainius Masiliūnas <pastas4> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | harold |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~2 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
Dainius Masiliūnas
2015-07-25 09:08:36 UTC
Should I also create a version bump request?

You don't have to submit a version bump. I will fix it, but it might take a bit of time.

I have added joomla-3.4.3 to my overlay (hnaparst) and will ask to have it added to portage.

drop vulnerable version 3.4.1, and bumped 3.4.3 (proxy for Harold Naparst)

@security team, please proceed

Maintainer(s), Thank you for your work. Closing noglsa.

CVE-2015-5397 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5397): Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload code via unknown vectors.