Package glpi: Information
Source package: glpi
Version: 10.0.17-alt1
Build time: Jan 18, 2025, 10:49 AM
Category: Networking/Other
Report package bugHome page: http://www.glpi-project.org
License: GPLv3
Summary: IT and asset management software
Description:
GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system with mail-notification and methods to build a database with basic information about your network-topology.
List of RPM packages built from this SRPM:
glpi (noarch)
glpi-apache2 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
glpi-php8.3 (noarch)
glpi (noarch)
glpi-apache2 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)
glpi-php8.3 (noarch)
Maintainer: Pavel Zilke
Last changed
Nov. 8, 2024 Pavel Zilke 10.0.17-alt1
- New version 10.0.17 - Added glpi-php8.3 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-50339 : Unauthenticated session hijacking + CVE-2024-40638 : Account takeover through SQL injection + CVE-2024-43416 : Users email enumeration by unauthenticated user + CVE-2024-47758 : Account takeover without privilege escalation through the API + CVE-2024-47761 : Account takeover via the password reset feature + CVE-2024-47760 : Account takeover via API + CVE-2024-48912 : Insecure account deletion by authenticated user + CVE-2024-45608 : Authenticated SQL Injection + CVE-2024-41679 : Authenticated SQL injection in ticket form + CVE-2024-45611 : Stored XSS in RSS feeds + CVE-2024-47759 : Stored XSS via document upload + CVE-2024-43417 : Reflected XSS + CVE-2024-43418 : Reflected XSS + CVE-2024-45609 : Reflected XSS + CVE-2024-45610 : Reflected XSS + CVE-2024-41678 : Reflected XSS
July 3, 2024 Pavel Zilke 10.0.16-alt1
- New version 10.0.16 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-37148 : Account takeover via SQL Injection in AJAX scripts + CVE-2024-37149 : Remote code execution through the plugin loader + CVE-2024-37147 : Authenticated file upload to restricted tickets
April 26, 2024 Pavel Zilke 10.0.15-alt1
- New version 10.0.15 - This release fixes a security issue that has been recently discovered. Update is recommended! - Security fixes: + CVE-2024-31456 Authenticated SQL injection from map search + CVE-2024-29889 Account takeover via SQL Injection in saved searches feature