A security vulnerability has been identified in several software packages (glpi, glpi-data-injection, glpi-mass-ocs-import, glpi-pdf). Malicious users could have exploited it to inject HTML and script code.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10661
2012-07-14 21:21:43
--------------------------------------------------------------------------------
Name : glpi
Product : Fedora 17
Version : 0.83.4
Release : 1.fc17
URL : http://www.glpi-project.org/
Summary : Free IT asset management software
Description :
GLPI is the Information Resource-Manager with an additional Administration-
Interface. You can use it to build up a database with an inventory for your
company (computer, software, printers...). It has enhanced functions to make
the daily life for the administrators easier, like a job-tracking-system with
mail-notification and methods to build a database with basic information
about your network-topology.
--------------------------------------------------------------------------------
Update Information:
The official GLPI 0.83.3 version is now available for download
This version corrects several minor bugs and a security bug. You are strongly
encouraged to update your actual version.
Thanks to Prajal Kulkarni.
Upstream Changelog
Version 0.83.31
* Bug #3633: Check rights for massive actions for tickets (priority / status)
* Bug #3634: Problem adding contract using template
* Bug #3635: Wrong ticket template load when changing users with different
entities
* Bug #3636: count active object in ticket form
* Bug #3656: Comment on reservation item list
* Bug #3666: Redirect give right error when default entity set to another entity
than the redirected item one
* Bug #3667: Unable to set password when creating users with limited rights
* Bug #3668: Ticket template and itemtype predefined problem
* Bug #3670: Check mandatory description when predefined
* Bug #3678: Problem on document_item entity information
* Bug #3680: No refresh after group creation from item form detail
* Bug #3681: Ticket notification : don't show auto close warning when autoclose
= 0
* Bug #3682: Massive action lost : move network port
* Bug #3683: Display Ticket Tab
* Bug #3685: Missing in not imported email list
* Bug #3686: Broken software dictionary
* Bug #3687: Software dictionary results not apply during OCS import
* Bug #3689: Duplicate entry in KB
* Bug #3691: Import computer rule broken for "name is empty"
* Bug #3693: Bug on recompute soft category
* Bug #3696: Ticket template input slashes on error
* Bug #3697: mailcollector conflict with ticket rule assign user.
* Bug #3701: Reminder list show public notes when not allowed to
* Bug #3704: CSRF prevention step 1
* Bug #3705: Security XSS for few items
* Bug #3707: CSRF prevention step 2
* Bug #3714: Templates and direct connections
* Bug #3715: Add element with a template have direct connection
* Bug #3731: CheckAlreadyPlanned for plugins
* Bug #3732: Link on checkAlreadyPlanned for ITIL tasks
* Feature #3642: Make location a user pref
* Feature #3650: Statut par dÄ