Bug#682482: unblock: glpi/0.83.31-1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi,
GLPI 0.83.31 (micro-fix based on 0.83.3) is an important security
release, fixing two CVEs:
CVE-2012-4002:
Bug #3704: CSRF prevention step 1
Bug #3707: CSRF prevention step 2
CVE-2012-4003:
Bug #3705: Security XSS for few items
https://forge.indepnet.net/projects/glpi/versions/771
Note: the diff from 0.83.2-1 (current testing) is pretty big, but almost
all the patch is made of fixes in many files. Trying to backport would
make no sense imho since it would bring almost everything, and make future
maintenance even harder.
Please allow GLPI 0.83.31 in testing.
Regards,
Pierre
unblock glpi/0.83.31-1
Reply to: