Diffusion FreeBSD ports repository 35c59aa6e4e0

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)
35c59aa6e4e0
Actions

Description

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)

Mostly a security release (2 high severity security fixes).

ChangeLog:
https://github.com/glpi-project/glpi/releases/tag/10.0.15

This release fixes a few security issues that have been recently discovered.
Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:

[SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
[SECURITY - high] Account takeover via SQL Injection in saved searches feature

(CVE-2024-29889)

Also, here is a short list of main changes done in this version:

[FIX] Fix used right by reservation form.
[FIX] Do not rely on input to apply rules rights.
[FIX] Always store updated SMTP Oauth refresh token.
[TASK] Upgrade tinymce.

PR: 278641
MFH: 2024Q2

Details

Provenance

Mathias Monnerville <mathias@monnerville.com>	Authored on Apr 29 2024, 10:16 AM
vvd	Committed on Apr 29 2024, 10:16 AM

Parents

R11:4f20488ee33e: sysutils/cbsd: Update to 14.0.8

Branches

Unknown

Tags

Unknown

Event Timeline

vvd committed R11:35c59aa6e4e0: www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889) (authored by Mathias Monnerville <mathias@monnerville.com>).Apr 29 2024, 10:16 AM

vvd mentioned this in R11:1492fce2c6ad: www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889).Apr 29 2024, 10:34 AM

Changes (3)

Path

Size

www/

glpi/

Makefile

distinfo

pkg-plist

R11:35c59aa6e4e0

View Options

www/glpi/Makefile

View Options

www/glpi/distinfo

View Options

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)35c59aa6e4e0Actions

Description

Details

Event Timeline

Changes (3)

R11:35c59aa6e4e0

www/glpi/Makefile

www/glpi/distinfo

www/glpi/pkg-plist

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)
35c59aa6e4e0
Actions