Maintainer Pavel Zilke in the p9 branch: Information
Maintainer name: Pavel Zilke (zidex)
Built source packages in this branch: 4
Last changes
Jun 27, 2023, 03:07 PM
#323561 sent by Pavel Zilke
security_fix
IT and asset management software
May 27, 2023 Pavel Zilke:
- New version 9.5.13
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-28632 : Account takeover by authenticated user
  + CVE-2023-28838 : SQL injection through dynamic reports
  + CVE-2023-28852 : Stored XSS through dashboard administration
  + CVE-2023-28636 : Stored XSS on external links
  + CVE-2023-28639 : Reflected XSS in search pages
  + CVE-2023-28634 : Privilege Escalation from technician to super-admin
  + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds
Mar 29, 2023, 06:05 PM
#317348 sent by Pavel Zilke
security_fix
IT and asset management software
March 18, 2023 Pavel Zilke:
- New version 9.5.12
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-22722 : XSS on browse views
  + CVE-2023-22725 : XSS on external links
  + CVE-2023-23610 : Unauthorized access to data export
  + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
Dec 5, 2022, 10:42 AM
#310702 sent by Pavel Zilke
security_fix
IT and asset management software
Nov. 5, 2022 Pavel Zilke:
- New version 9.5.11
- Bugfix for previous release
Sep 23, 2022, 06:16 PM
#307140 sent by Pavel Zilke
critical_security_fix
IT and asset management software
Sept. 14, 2022 Pavel Zilke:
- New version 9.5.9
- This release fixes several critical security issues that have been recently discovered. Update is strongly recommended!
- Security fixes:
  + CVE-2022-35945 : XSS through registration API
  + CVE-2022-31143 : Leak of sensitive information through login page error
  + CVE-2022-35914 : [critical] Command injection using a third-party library script
  + CVE-2022-35946 : SQL injection through plugin controller
  + CVE-2022-35947 : [critical] Authentication via SQL injection
  + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning
Jul 11, 2022, 02:42 PM
#303295 sent by Pavel Zilke
security_fix
IT and asset management software
July 4, 2022 Pavel Zilke:
- New version 9.5.8
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-31061 : SQL injection on login page
  + CVE-2022-24868 : XSS / open redirect via SVG file upload
  + CVE-2022-24869 : Cross Site CSS Injection
Mar 21, 2022, 11:41 AM
#296878 sent by Pavel Zilke
security_fix
IT and asset management software
Jan. 27, 2022 Pavel Zilke:
- New version 9.5.7
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2022-21720 : SQL injection using custom CSS administration form
  + CVE-2022-21719 : Reflected XSS using reload button
Oct 18, 2021, 03:20 PM
#287044 sent by Pavel Zilke
security_fix
IT and asset management software
Oct. 12, 2021 Pavel Zilke:
- New version 9.5.6
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-39211 : Disclosure of GLPI and server informations in telemetry endpoint
  + CVE-2021-39210 : Autologin cookie accessible by scripts
  + CVE-2021-39209 : Bypassable CSRF protection on ajax endpoints
  + CVE-2021-39213 : Bypassable IP restriction on GLPI API using custom header injection
Jun 2, 2021, 06:34 PM
#272696 sent by Pavel Zilke
security_fix
IT and asset management software
May 13, 2021 Pavel Zilke:
- New version 9.5.5
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-3486 : Stored XSS in plugins information
Apr 14, 2021, 09:09 PM
#269862 sent by Pavel Zilke
security_fixes
IT and asset management software
March 31, 2021 Pavel Zilke:
- New version 9.5.4
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2021-21326 : Horizontal Privilege Escalation
  + CVE-2021-21255 : entities switch IDOR
  + CVE-2021-21258 : XSS injection in ajax/kanban
  + CVE-2021-21314 : XSS injection on ticket update
  + CVE-2021-21312 : Stored XSS on documents
  + CVE-2021-21313 : XSS on tabs
  + CVE-2021-21325 : Stored XSS in budget type
  + CVE-2021-21327 : Unsafe Reflection in getItemForItemtype()
  + CVE-2021-21324 : Insecure Direct Object Reference (IDOR) on "Solutions"
Dec 26, 2020, 07:09 PM
#263876 sent by Pavel Zilke
security_fixes
IT and asset management software
Dec. 5, 2020 Pavel Zilke:
- New version 9.5.3
- This is a security release, upgrading is recommended
- Security fixes:
  + CVE-2020-27662 : Insecure Direct Object Reference on ajax/comments.php
  + CVE-2020-27663 : Insecure Direct Object Reference on ajax/getDropdownValue.php
  + CVE-2020-26212 : Any CalDAV calendars is read-only for every authenticated user
Jul 27, 2020, 10:38 AM
#255220 sent by Pavel Zilke
security_fixes
IT and asset management software
June 7, 2020 Pavel Zilke:
- New version 9.4.6
- This is a security release, upgrading is highly recommended