Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 308059 (CVE-2010-0438) - <www-apps/otrs-3.0.10: Multiple SQL injection vulnerabilities (CVE-2010-0438)
Summary: <www-apps/otrs-3.0.10: Multiple SQL injection vulnerabilities (CVE-2010-0438)
Alias: CVE-2010-0438
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~3 [noglsa]
Depends on: 337755
  Show dependency tree
Reported: 2010-03-06 15:47 UTC by Stefan Behte (RETIRED)
Modified: 2011-08-19 15:35 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

otrs-2.4.7.ebuild (otrs-2.4.7.ebuild,3.36 KB, text/plain)
2010-03-20 14:40 UTC, Andreis Vinogradovs ( slepnoga )
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:47:13 UTC
CVE-2010-0438 (
  Multiple SQL injection vulnerabilities in Kernel/System/ in
  OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9,
  2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow
  remote authenticated users to execute arbitrary SQL commands via
  unspecified vectors.
Comment 1 Andreis Vinogradovs ( slepnoga ) 2010-03-19 14:18:30 UTC
in overlay rion affected versions removed.
available 2.4.7
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-19 22:28:15 UTC
webapps, please bump
Comment 3 Andreis Vinogradovs ( slepnoga ) 2010-03-20 14:40:14 UTC
Created attachment 224391 [details]
Comment 4 Andreis Vinogradovs ( slepnoga ) 2010-09-19 08:25:05 UTC
Comment on attachment 224391 [details]

Affected version, see #337755
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 15:32:26 UTC
Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.