Package glpi: Information
Default inline alert: Version in the repository: 10.0.14-alt1
Source package: glpi
Version: 10.0.6-alt1
Build time: Mar 18, 2023, 01:08 PM in the task #316952
Category: Networking/Other
Report package bugHome page: http://www.glpi-project.org
License: GPLv3
Summary: IT and asset management software
Description:
GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
List of rpms provided by this srpm:
glpi (noarch)
glpi-apache2 (noarch)
glpi-php7 (noarch)
glpi-php8.0 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
glpi (noarch)
glpi-apache2 (noarch)
glpi-php7 (noarch)
glpi-php8.0 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
Maintainer: Pavel Zilke
Last changed
Jan. 24, 2023 Pavel Zilke 10.0.6-alt1
- New version 10.0.6 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2023-22500 : Unauthorized access to inventory files + CVE-2023-22722 : XSS on browse views + CVE-2023-22725 : XSS on external links + CVE-2023-22724 : XSS in RSS Description Link + CVE-2023-23610 : Unauthorized access to data export + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute - Added glpi-php8.2
Nov. 4, 2022 Pavel Zilke 10.0.5-alt1
- New version 10.0.5 - This release fixes several security issues that has been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information + CVE-2022-39373 : Stored XSS in entity name + CVE-2022-39376 : Improper input validation on emails links + CVE-2022-39370 : Improper access to debug panel + CVE-2022-39234 : User's session persist after permanently deleting his account + CVE-2022-39262 : Stored XSS on login page + CVE-2022-39277 : XSS in external links + CVE-2022-39375 : XSS through public RSS feed + CVE-2022-39323 : SQL Injection on REST API + CVE-2022-39371 : Stored XSS through asset inventory
Sept. 14, 2022 Pavel Zilke 10.0.3-alt1
- New version 10.0.3 - This release fixes several critical security issues that has been recently discovered. Update is strongly recommended! - Security fixes: + CVE-2022-35945 : XSS through registration API + CVE-2022-31143 : Leak of sensitive information through login page error + CVE-2022-31187 : Stored XSS through global search (CVE-2022-31187) + CVE-2022-35914 : [critical] Command injection using a third-party library script + CVE-2022-35946 : SQL injection through plugin controller + CVE-2022-35947 : [critical] Authentication via SQL injection + CVE-2022-36112 : Blind Server-Side Request Forgery (SSRF) in RSS feeds and planning