Diffusion FreeBSD ports repository 1492fce2c6ad

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)
1492fce2c6ad
Actions

Description

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)

Mostly a security release (2 high severity security fixes).

ChangeLog:
https://github.com/glpi-project/glpi/releases/tag/10.0.15

This release fixes a few security issues that have been recently discovered.
Update is recommended!
You will find below the list of security issues fixed in this bugfixes version:

[SECURITY - high] Authenticated SQL injection from map search (CVE-2024-31456)
[SECURITY - high] Account takeover via SQL Injection in saved searches feature

(CVE-2024-29889)

Also, here is a short list of main changes done in this version:

[FIX] Fix used right by reservation form.
[FIX] Do not rely on input to apply rules rights.
[FIX] Always store updated SMTP Oauth refresh token.
[TASK] Upgrade tinymce.

PR: 278641
MFH: 2024Q2
(cherry picked from commit 35c59aa6e4e0930a98b482bfc3594ec9cd53bf19)

Details

Provenance

Mathias Monnerville <mathias@monnerville.com>	Authored on Mon, Apr 29, 10:16 AM
vvd	Committed on Mon, Apr 29, 10:34 AM

Parents

R11:02afd2d3a6c1: www/gitlab: security and patch update to 16.11.1

Branches

Unknown

Tags

Unknown

Event Timeline

vvd committed R11:1492fce2c6ad: www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889) (authored by Mathias Monnerville <mathias@monnerville.com>).Mon, Apr 29, 10:34 AM

Changes (3)

Path

Size

www/

glpi/

Makefile

distinfo

pkg-plist

R11:1492fce2c6ad

View Options

www/glpi/Makefile

View Options

www/glpi/distinfo

View Options

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)1492fce2c6adActions

Description

Details

Event Timeline

Changes (3)

R11:1492fce2c6ad

www/glpi/Makefile

www/glpi/distinfo

www/glpi/pkg-plist

www/glpi: update to 10.0.15 (CVE-2024-31456, CVE-2024-29889)
1492fce2c6ad
Actions