Bug#682482: unblock: glpi/0.83.31-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#682482: unblock: glpi/0.83.31-1
From: Pierre Chifflier <pollux@debian.org>
Date: Mon, 23 Jul 2012 10:56:35 +0200
Message-id: <20120723085635.5720.2308.reportbug@ks26688.kimsufi.com>
Reply-to: Pierre Chifflier <pollux@debian.org>, 682482@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

GLPI 0.83.31 (micro-fix based on 0.83.3) is an important security
release, fixing two CVEs:

CVE-2012-4002:
  Bug #3704: CSRF prevention step 1
  Bug #3707: CSRF prevention step 2

CVE-2012-4003:
  Bug #3705: Security XSS for few items

https://forge.indepnet.net/projects/glpi/versions/771

Note: the diff from 0.83.2-1 (current testing) is pretty big, but almost
all the patch is made of fixes in many files. Trying to backport would
make no sense imho since it would bring almost everything, and make future
maintenance even harder.

Please allow GLPI 0.83.31 in testing.

Regards,
Pierre

unblock glpi/0.83.31-1

Reply to:

Follow-Ups:
- Bug#682482: unblock: glpi/0.83.31-1
  - From: Niels Thykier <niels@thykier.net>

Prev by Date: Bug#682480: unblock: php5/5.4.5-1
Next by Date: Bug#682460: unblock: boost1.50/1.50.0-1
Previous by thread: Bug#682480: marked as done (unblock: php5/5.4.5-1)
Next by thread: Bug#682482: unblock: glpi/0.83.31-1
Index(es):
- Date
- Thread