Bug 562956 - <www-apps/postfixadmin-2.3.8 - multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: http://sourceforge.net/p/postfixadmin...
Whiteboard: C4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-12 22:27 UTC by Matthew Thode ( prometheanfire )
Modified: 2015-10-13 15:02 UTC

See Also:
Package list:
Runtime testing required: ---


Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-10-12 22:27:50 UTC
Changes since the 2.3.7 release:

    fix query to enable/disable alias in edit-mailbox for PostgreSQL (#311)
    don't prefill username in users/ login on failed logins - fixes (probably harmless) XSS
    fix show_gen_status() to properly escape mail addresses in query (#356)
    fix escaping in create-admin, create-mailbox and fetchmail templates - fixes (harmless) XSS on form validation errors (thanks to Juan Rossi for reporting them!)
    don't echo the password back to the browser in the fetchmail form
    allow MariaDB in Debian package dependencies

I think we should stabilize, but I'll leave that up to web-apps and sec herds

Reproducible: Always
Comment 1 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-10-12 22:29:00 UTC
webapps/sec, this would need stablereq for x86 / amd64 feel free :D
Comment 2 Agostino Sarubbo gentoo-dev 2015-10-13 07:23:35 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-10-13 07:24:29 UTC
x86 stable.

Maintainer(s), please cleanup.
Comment 4 Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2015-10-13 14:34:56 UTC
cleaned up
Comment 5 Agostino Sarubbo gentoo-dev 2015-10-13 15:02:37 UTC
Closing as noglsa