Bug 308059 (CVE-2010-0438) - <www-apps/otrs-3.0.10: Multiple SQL injection vulnerabilities (CVE-2010-0438)
Status: RESOLVED FIXED
Alias: CVE-2010-0438
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://www.otrs.org/news/2010/otrs_2-...
Whiteboard: ~3 [noglsa]
Depends on: 337755
Reported: 2010-03-06 15:47 UTC by Stefan Behte (RETIRED)
Modified: 2011-08-19 15:35 UTC


Attachments
otrs-2.4.7.ebuild (otrs-2.4.7.ebuild,3.36 KB, text/plain)
2010-03-20 14:40 UTC, Andreis Vinogradovs ( slepnoga )

Description Stefan Behte (RETIRED) gentoo-dev Security 2010-03-06 15:47:13 UTC
CVE-2010-0438 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0438):
  Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in
  OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9,
  2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow
  remote authenticated users to execute arbitrary SQL commands via
  unspecified vectors.
Comment 1 Andreis Vinogradovs ( slepnoga ) 2010-03-19 14:18:30 UTC
In overlay rion, affected versions removed.
Available: 2.4.7
Comment 2 Stefan Behte (RETIRED) gentoo-dev Security 2010-03-19 22:28:15 UTC
webapps, please bump
Comment 3 Andreis Vinogradovs ( slepnoga ) 2010-03-20 14:40:14 UTC
Created attachment 224391
otrs-2.4.7.ebuild
Comment 4 Andreis Vinogradovs ( slepnoga ) 2010-09-19 08:25:05 UTC
Comment on attachment 224391
otrs-2.4.7.ebuild

Affected version, see #337755
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-08-19 15:32:26 UTC
Fixed software added and vulnerable versions removed by Patrick Lauer via bug 379855. Closing noglsa for ~arch package.