Package glpi: Information

Version in the repository: 10.0.15-alt1

Source package: glpi
Version: 10.0.7-alt1
Build time: May 15, 2023, 09:21 PM
Category: Networking/Other
License: GPLv3
Summary: IT and asset management software
Description: 
GLPI is the Information Resource-Manager with an additional Administration-
Interface.
You can use it to build up a database with an inventory for your company
(computer, software, printers...).
It has enhanced functions to make the daily life for the administrators easier,
like a job-tracking-system with mail-notification and methods to build a
database with basic information about your network-topology.

List of rpms provided by this srpm:
glpi (noarch)
glpi-apache2 (noarch)
glpi-php7 (noarch)
glpi-php8.0 (noarch)
glpi-php8.1 (noarch)
glpi-php8.2 (noarch)

Maintainer: Pavel Zilke

List of contributors:
Pavel Zilke

    1. rpm-macros-webserver-common

Last changed


May 13, 2023 Pavel Zilke 10.0.7-alt1
- New version 10.0.7
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
 + CVE-2023-28849 : SQL injection and Stored XSS via inventory agent request
 + CVE-2023-28632 : Account takeover by authenticated user
 + CVE-2023-28838 : SQL injection through dynamic reports
 + CVE-2023-28852 : Stored XSS through dashboard administration
 + CVE-2023-28636 : Stored XSS on external links
 + CVE-2023-28639 : Reflected XSS in search pages
 + CVE-2023-28634 : Privilege Escalation from technician to super-admin
 + CVE-2023-28633 : Blind Server-Side Request Forgery (SSRF) in RSS feeds

Jan. 24, 2023 Pavel Zilke 10.0.6-alt1
- New version 10.0.6
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
 + CVE-2023-22500 : Unauthorized access to inventory files
 + CVE-2023-22722 : XSS on browse views
 + CVE-2023-22725 : XSS on external links
 + CVE-2023-22724 : XSS in RSS Description Link
 + CVE-2023-23610 : Unauthorized access to data export
 + CVE-2022-41941 : Stored XSS inside Standard Interface Help Link href attribute
- Added glpi-php8.2

Nov. 4, 2022 Pavel Zilke 10.0.5-alt1
- New version 10.0.5
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
 + CVE-2022-39276 : Blind SSRF in RSS feeds and planning
 + CVE-2022-39372 : Stored XSS in user information
 + CVE-2022-39373 : Stored XSS in entity name
 + CVE-2022-39376 : Improper input validation on emails links
 + CVE-2022-39370 : Improper access to debug panel
 + CVE-2022-39234 : User's session persists after permanently deleting his account
 + CVE-2022-39262 : Stored XSS on login page
 + CVE-2022-39277 : XSS in external links
 + CVE-2022-39375 : XSS through public RSS feed
 + CVE-2022-39323 : SQL Injection on REST API
 + CVE-2022-39371 : Stored XSS through asset inventory