Package glpi: Information
Default inline alert: Version in the repository: 10.0.15-alt1
Source package: glpi
Version: 10.0.9-alt1
Build time: Jul 26, 2023, 12:16 AM in the task #325568
Category: Networking/Other
Report package bugHome page: http://www.glpi-project.org
License: GPLv3
Summary: IT and asset management software
Description:
GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
List of rpms provided by this srpm:
glpi (noarch)
glpi-apache2 (noarch)
glpi-php8.0 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
glpi (noarch)
glpi-apache2 (noarch)
glpi-php8.0 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
Maintainer: Pavel Zilke
Last changed
July 13, 2023 Pavel Zilke 10.0.9-alt1
- New version 10.0.9 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-37278 : SQL injection in dashboard administration - Deleted glpi-php7
July 13, 2023 Pavel Zilke 10.0.8-alt1
- New version 10.0.8 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-35924 : SQL injection via inventory agent request + CVE-2023-36808 : SQL injection through Computer Virtual Machine information + CVE-2023-35939 : Unauthorized access to Dashboard data + CVE-2023-35940 : Unauthenticated access to Dashboard data + CVE-2023-34244 : Reflected XSS in search pages + CVE-2023-34107 : Unauthorized access to knowledge base items + CVE-2023-34106 : Unauthorized access to user data
May 13, 2023 Pavel Zilke 10.0.7-alt1
- New version 10.0.7 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-28849 : SQL injection and Stored XSS via inventory agent request + CVE-2023-28632 : Account takeover by authenticated user + CVE-2023-28838 : SQL injection through dynamic reports + CVE-2023-28852 : Stored XSS through dashboard administration + CVE-2023-28636 : Stored XSS on external links + CVE-2023-28639 : Reflected XSS in search pages + CVE-2023-28634 : Privilege Escalation from technician to super-admin + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds