[Secure-testing-team] Bug#513611: glpi: 'ID' Parameter Multiple SQL Injection Vulnerabilities
Nelson A. de Oliveira
naoliv at debian.org
Fri Jan 30 18:04:16 UTC 2009
Package: glpi
Version: 0.71.2-2
Severity: grave
Tags: security
Justification: user security hole
Hi!
glpi versions prior to 0.71.4 are affected by a SQL injection vulnerability.
See the upstream announce [1] and SecurityFocus [2].
[1] http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
[2] http://www.securityfocus.com/bid/33477
Thank you very much!
Best regards,
Nelson
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28.2-naoliv1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list