FreeBSD Bugzilla – Attachment 245565 Details for
Bug 272685
www/glpi: update 10.0.7 -> 10.0.10
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Update diff 10.0.7 --> 10.0.10 + vuln entries
glpi_10.10.10.vuln.diff (text/plain), 45.51 KB, created by
Andrej Ebert
on 2023-10-11 13:18:40 UTC
(
hide
)
Description:
Update diff 10.0.7 --> 10.0.10 + vuln entries
Filename:
MIME Type:
Creator:
Andrej Ebert
Created:
2023-10-11 13:18:40 UTC
Size:
45.51 KB
patch
obsolete
>diff --git a/security/vuxml/vuln/2020.xml b/security/vuxml/vuln/2020.xml >index c91206e3c6..c19786a860 100644 >--- a/security/vuxml/vuln/2020.xml >+++ b/security/vuxml/vuln/2020.xml >@@ -465,8 +465,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>9.5.0</gt></range> >- <range><lt>9.5.3</lt></range> >+ <range><ge>9.5.0</ge><lt>9.5.3</lt></range> > </package> > </affects> > <description> >@@ -486,6 +485,7 @@ > <dates> > <discovery>2020-10-01</discovery> > <entry>2020-10-01</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -494,8 +494,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>9.1</gt></range> >- <range><lt>9.5.2</lt></range> >+ <range><ge>9.1</ge><lt>9.5.2</lt></range> > </package> > </affects> > <description> >@@ -514,6 +513,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -522,8 +522,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>9.5.0</gt></range> >- <range><lt>9.5.2</lt></range> >+ <range><ge>9.5.0</ge><lt>9.5.2</lt></range> > </package> > </affects> > <description> >@@ -542,6 +541,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -550,8 +550,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>0.65</gt></range> >- <range><lt>9.5.2</lt></range> >+ <range><ge>0.65</ge><lt>9.5.2</lt></range> > </package> > </affects> > <description> >@@ -570,6 +569,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -578,8 +578,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>0.68</gt></range> >- <range><lt>9.5.2</lt></range> >+ <range><ge>0.68</ge><lt>9.5.2</lt></range> > </package> > </affects> > <description> >@@ -598,6 +597,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -606,8 +606,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>0.70</gt></range> >- <range><lt>9.5.2</lt></range> >+ <range><ge>0.70</ge><lt>9.5.2</lt></range> > </package> > </affects> > <description> >@@ -626,6 +625,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -634,8 +634,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>9.5.0</gt></range> >- <range><lt>9.5.1</lt></range> >+ <range><ge>9.5.0</ge><lt>9.5.1</lt></range> > </package> > </affects> > <description> >@@ -655,6 +654,7 @@ > <dates> > <discovery>2020-06-25</discovery> > <entry>2020-06-25</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -663,8 +663,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>0.68.1</gt></range> >- <range><lt>9.4.6</lt></range> >+ <range><ge>0.68.1</ge><lt>9.4.6</lt></range> > </package> > </affects> > <description> >@@ -683,6 +682,7 @@ > <dates> > <discovery>2020-03-30</discovery> > <entry>2020-03-30</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -746,8 +746,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>0.83.3</gt></range> >- <range><lt>9.4.6</lt></range> >+ <range><ge>0.83.3</ge><lt>9.4.6</lt></range> > </package> > </affects> > <description> >@@ -767,6 +766,7 @@ > <dates> > <discovery>2020-03-30</discovery> > <entry>2020-03-30</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >@@ -803,8 +803,7 @@ > <affects> > <package> > <name>glpi</name> >- <range><gt>9.1</gt></range> >- <range><lt>9.4.6</lt></range> >+ <range><ge>9.1</ge><lt>9.4.6</lt></range> > </package> > </affects> > <description> >@@ -824,6 +823,7 @@ > <dates> > <discovery>2020-03-30</discovery> > <entry>2020-03-30</entry> >+ <modified>2023-10-11</modified> > </dates> > </vuln> > >diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml >index 9d58493a6b..9fd6e503e8 100644 >--- a/security/vuxml/vuln/2023.xml >+++ b/security/vuxml/vuln/2023.xml >@@ -1,3 +1,558 @@ >+ <vuln vid="10e86b16-6836-11ee-b06f-0050569ceb3a"> >+ <topic>Unallowed PHP script execution in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>From the GLPI 10.0.10 Changelog:</p> >+ <blockquote >+ cite="https://github.com/glpi-project/glpi/releases/tag/10.0.10"> >+ <p>You will find below security issues fixed in this bugfixes version: >+ [SECURITY - Critical] Unallowed PHP script execution (CVE-2023-42802).</p> >+ </blockquote> >+ <p>The mentioned CVE is invalid</p> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-42802</cvename> >+ <url>https://github.com/glpi-project/glpi/releases/tag/10.0.10</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="894f2491-6834-11ee-b06f-0050569ceb3a"> >+ <topic>glpi-project -- SQL injection in ITIL actors in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>10.0.8</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-x3jp-69f2-p84w"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. The ITIL >+ actors input field from the Ticket form can be used to perform a >+ SQL injection. Users are advised to upgrade to version 10.0.10. >+ There are no known workarounds for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-42461</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-42461</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="54e5573a-6834-11ee-b06f-0050569ceb3a"> >+ <topic>Phishing through a login page malicious URL in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>10.0.8</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-2hcg-75jj-hghp"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. The lack >+ of path filtering on the GLPI URL may allow an attacker to transmit >+ a malicious URL of login page that can be used to attempt a phishing >+ attack on user credentials. Users are advised to upgrade to version >+ 10.0.10. There are no known workarounds for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41888</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41888</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="20302cbc-6834-11ee-b06f-0050569ceb3a"> >+ <topic>Users login enumeration by unauthenticated user in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>0.68</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-5cf4-6q6r-49x9"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. An >+ unauthenticated user can enumerate users logins. Users are advised >+ to upgrade to version 10.0.10. There are no known workarounds for >+ this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41323</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41323</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="ae8b1445-6833-11ee-b06f-0050569ceb3a"> >+ <topic>Privilege Escalation from technician to super-admin in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.1.0</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-9j8m-7563-8xvr"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. A user >+ with write access to another user can make requests to change the >+ latter's password and then take control of their account. >+ Users are advised to upgrade to version 10.0.10. There are no known >+ work around for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41322</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41322</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="6851f3bb-6833-11ee-b06f-0050569ceb3a"> >+ <topic>Sensitive fields enumeration through API in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.1.1</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-3fxw-j5rj-w836"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. An API >+ user can enumerate sensitive fields values on resources on which >+ he has read access. Users are advised to upgrade to version 10.0.10. >+ There are no known workarounds for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41321</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41321</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="df71f5aa-6831-11ee-b06f-0050569ceb3a"> >+ <topic>File deletion through document upload process in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>10.0.0</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-hm76-jh96-7j75"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. The document >+ upload process can be diverted to delete some files. Users are >+ advised to upgrade to version 10.0.10. There are no known workarounds >+ for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-42462</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-42462</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="95c4ec45-6831-11ee-b06f-0050569ceb3a"> >+ <topic>Account takeover through API in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.3.0</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-58wj-8jhx-jpm3"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. An API >+ user that have read access on users resource can steal accounts of >+ other users. Users are advised to upgrade to version 10.0.10. >+ There are no known workarounds for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41324</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41324</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="040e69f1-6831-11ee-b06f-0050569ceb3a"> >+ <topic>Account takeover via Kanban feature in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.5.0</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-5wj6-hp4c-j5q9"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. A logged >+ user from any profile can hijack the Kanban feature to alter any >+ user field, and end-up with stealing its account. Users are advised >+ to upgrade to version 10.0.10. There are no known workarounds for >+ this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41326</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41326</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="6f6518ab-6830-11ee-b06f-0050569ceb3a"> >+ <topic>Account takeover via SQL Injection in UI layout preferences in GLPI</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>10.0.0</ge><lt>10.0.10</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/security/advisories/GHSA-mv2r-gpw3-g476"> >+ <p>GLPI stands for Gestionnaire Libre de Parc Informatique is a Free >+ Asset and IT Management Software package, that provides ITIL Service >+ Desk features, licenses tracking and software auditing. UI layout >+ preferences management can be hijacked to lead to SQL injection. >+ This injection can be use to takeover an administrator account. >+ Users are advised to upgrade to version 10.0.10. There are no known >+ workarounds for this vulnerability.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-41320</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-41320</url> >+ </references> >+ <dates> >+ <discovery>2023-09-27</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="257e1bf0-682f-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to SQL injection via dashboard administration</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.5.0</ge><lt>10.0.9</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.9"> >+ <p>GLPI is a Free Asset and IT Management Software package, Data center >+ management, ITIL Service Desk, licenses tracking and software >+ auditing. An administrator can trigger SQL injection via dashboards >+ administration. This vulnerability has been patched in version >+ 10.0.9. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-37278</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-37278</url> >+ </references> >+ <dates> >+ <discovery>2023-07-13</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="40173815-6827-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to unauthorized access to User data</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>0.68</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Versions >+ of the software starting with 0.68 and prior to 10.0.8 have an >+ incorrect rights check on a on a file accessible by an authenticated >+ user. This allows access to the list of all users and their personal >+ information. Users should upgrade to version 10.0.8 to receive a >+ patch.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-34106</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-34106</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="1fe40200-6823-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to unauthorized access to KnowbaseItem data</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.2.0</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Versions >+ of the software starting with 9.2.0 and prior to 10.0.8 have an >+ incorrect rights check on a on a file accessible by an authenticated >+ user, allows access to the view all KnowbaseItems. Version 10.0.8 >+ has a patch for this issue.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-34107</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-34107</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="b14a6ddc-6821-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to reflected XSS in search pages</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.4.0</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Starting >+ in version 9.4.0 and prior to version 10.0.8, a malicious link can >+ be crafted by an unauthenticated user that can exploit a reflected >+ XSS in case any authenticated user opens the crafted link. Users >+ should upgrade to version 10.0.8 to receive a patch.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-34244</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-34244</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="95fde6bc-6821-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to unauthenticated access to Dashboard data</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>9.5.0</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Starting >+ in version 9.5.0 and prior to version 10.0.8, an incorrect rights >+ check on a file allows an unauthenticated user to be able to access >+ dashboards data. Version 10.0.8 contains a patch for this issue.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-35940</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-35940</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="717efd8a-6821-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to unauthorized access to Dashboard data</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+<range><ge>9.5.0</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Starting >+ in version 9.5.0 and prior to version 10.0.8, an incorrect rights >+ check on a on a file accessible by an authenticated user (or not >+ for certain actions), allows a threat actor to interact, modify, >+ or see Dashboard data. Version 10.0.8 contains a patch for this >+ issue.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-35939</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-35939</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="548a4163-6821-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to SQL injection through Computer Virtual Machine information</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>0.80</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Starting >+ in version 0.80 and prior to version 10.0.8, Computer Virtual Machine >+ form and GLPI inventory request can be used to perform a SQL injection >+ attack. Version 10.0.8 has a patch for this issue. As a workaround, >+ one may disable native inventory.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-36808</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-36808</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="e44e5ace-6820-11ee-b06f-0050569ceb3a"> >+ <topic>GLPI vulnerable to SQL injection via inventory agent request</topic> >+ <affects> >+ <package> >+ <name>glpi</name> >+ <range><ge>10.0.0</ge><lt>10.0.8</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>security-advisories@github.com reports:</p> >+ <blockquote cite="https://github.com/glpi-project/glpi/releases/tag/10.0.8"> >+ <p>GLPI is a free asset and IT management software package. Starting >+ in version 10.0.0 and prior to version 10.0.8, GLPI inventory >+ endpoint can be used to drive a SQL injection attack. By default, >+ GLPI inventory endpoint requires no authentication. Version 10.0.8 >+ has a patch for this issue. As a workaround, one may disable native >+ inventory.</p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2023-35924</cvename> >+ <url>https://nvd.nist.gov/vuln/detail/CVE-2023-35924</url> >+ </references> >+ <dates> >+ <discovery>2023-07-05</discovery> >+ <entry>2023-10-11</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="4f254817-6318-11ee-b2ff-080027de9982"> > <topic>Django -- multiple vulnerabilities</topic> > <affects> >diff --git a/www/glpi/Makefile b/www/glpi/Makefile >index a47b1067bb..12c55af8fa 100644 >--- a/www/glpi/Makefile >+++ b/www/glpi/Makefile >@@ -1,6 +1,6 @@ > PORTNAME= glpi >-PORTVERSION= 10.0.7 >-PORTEPOCH= 1 >+PORTVERSION= 10.0.10 >+PORTEPOCH= 2 > CATEGORIES= www > MASTER_SITES= https://github.com/glpi-project/glpi/releases/download/${PORTVERSION}/ > >@@ -15,7 +15,6 @@ CPE_VENDOR= glpi-project > USE_PHP= bz2 ctype curl exif fileinfo gd iconv intl mbstring \ > mysqli opcache session simplexml sodium xml xmlrpc zip zlib \ > dom filter >-IGNORE_WITH_PHP= 82 83 > > NO_ARCH= yes > NO_BUILD= yes >diff --git a/www/glpi/distinfo b/www/glpi/distinfo >index 12f511c803..2b88c1e053 100644 >--- a/www/glpi/distinfo >+++ b/www/glpi/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1683389004 >-SHA256 (glpi-10.0.7.tgz) = 0d51de960272d3d5b322e83d74a8261423d4baefad5ef815402591e8ead04e53 >-SIZE (glpi-10.0.7.tgz) = 56550228 >+TIMESTAMP = 1696934290 >+SHA256 (glpi-10.0.10.tgz) = b303eece25bcbf81cd6bcd74b2a8412f02b33c3471bd935530b06470dcf7b051 >+SIZE (glpi-10.0.10.tgz) = 59092816 >diff --git a/www/glpi/pkg-plist b/www/glpi/pkg-plist >index 80168dbd43..8cc307bd67 100644 >--- a/www/glpi/pkg-plist >+++ b/www/glpi/pkg-plist >@@ -18,6 +18,7 @@ > %%WWWDIR%%/ajax/compareKbRevisions.php > %%WWWDIR%%/ajax/dashboard.php > %%WWWDIR%%/ajax/dcroom_size.php >+%%WWWDIR%%/ajax/debug.php > %%WWWDIR%%/ajax/displayMessageAfterRedirect.php > %%WWWDIR%%/ajax/domainrecord_data_form.php > %%WWWDIR%%/ajax/dropdownAllItems.php >@@ -65,6 +66,7 @@ > %%WWWDIR%%/ajax/getMapPoint.php > %%WWWDIR%%/ajax/getShareDashboardDropdownValue.php > %%WWWDIR%%/ajax/getUserPicture.php >+%%WWWDIR%%/ajax/get_item_content.php > %%WWWDIR%%/ajax/helpdesk_observer.php > %%WWWDIR%%/ajax/impact.php > %%WWWDIR%%/ajax/index.php >@@ -121,6 +123,7 @@ > %%WWWDIR%%/ajax/unlockobject.php > %%WWWDIR%%/ajax/updateTrackingDeviceType.php > %%WWWDIR%%/ajax/updateTranslationFields.php >+%%WWWDIR%%/ajax/updateTranslationValue.php > %%WWWDIR%%/ajax/updatecurrenttab.php > %%WWWDIR%%/ajax/viewsubitem.php > %%WWWDIR%%/ajax/visibility.php >@@ -141,7 +144,7 @@ > %%WWWDIR%%/css/includes/components/_asset-form.scss > %%WWWDIR%%/css/includes/components/_browser_tree.scss > %%WWWDIR%%/css/includes/components/_buttons-group.scss >-%%WWWDIR%%/css/includes/components/_debug-panel.scss >+%%WWWDIR%%/css/includes/components/_debug-toolbar.scss > %%WWWDIR%%/css/includes/components/_documentation.scss > %%WWWDIR%%/css/includes/components/_fileupload.scss > %%WWWDIR%%/css/includes/components/_flatpickr.scss >@@ -268,6 +271,15 @@ > %%WWWDIR%%/css/lib/bootstrap/scss/mixins/_visually-hidden.scss > %%WWWDIR%%/css/lib/bootstrap/scss/utilities/_api.scss > %%WWWDIR%%/css/lib/bootstrap/scss/vendor/_rfs.scss >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-100-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-200-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-300-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-400-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-500-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-600-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-700-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-800-normal.woff >+%%WWWDIR%%/css/lib/fontsource/inter/files/inter-all-900-normal.woff > %%WWWDIR%%/css/lib/fontsource/inter/files/inter-cyrillic-100-normal.woff2 > %%WWWDIR%%/css/lib/fontsource/inter/files/inter-cyrillic-200-normal.woff2 > %%WWWDIR%%/css/lib/fontsource/inter/files/inter-cyrillic-300-normal.woff2 >@@ -666,7 +678,6 @@ > %%WWWDIR%%/front/fieldunicity.php > %%WWWDIR%%/front/filesystem.form.php > %%WWWDIR%%/front/filesystem.php >-%%WWWDIR%%/front/find_num.php > %%WWWDIR%%/front/fqdn.form.php > %%WWWDIR%%/front/fqdn.php > %%WWWDIR%%/front/graph.send.php >@@ -1199,6 +1210,23 @@ > %%WWWDIR%%/install/migrations/update_10.0.6_to_10.0.7/ticket_fix_internal_tto_escalation.php > %%WWWDIR%%/install/migrations/update_10.0.6_to_10.0.7/unmanageds.php > %%WWWDIR%%/install/migrations/update_10.0.6_to_10.0.7/wrong_fkey.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/changes.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/configs.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/dates.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/networkport.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/problems.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/queuednotification.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/ram_field.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/rule.php >+%%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8/rule_tickets.php >+%%WWWDIR%%/install/migrations/update_10.0.8_to_10.0.9.php >+%%WWWDIR%%/install/migrations/update_10.0.8_to_10.0.9/queuednotification.php >+%%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10.php >+%%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10/configs.php >+%%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10/ldap_fields.php >+%%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10/mailcollector.php >+%%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10/templates.php > %%WWWDIR%%/install/migrations/update_9.1.0_to_9.1.1.php > %%WWWDIR%%/install/migrations/update_9.1.1_to_9.1.3.php > %%WWWDIR%%/install/migrations/update_9.1.x_to_9.2.0.php >@@ -1271,6 +1299,45 @@ > %%WWWDIR%%/install/migrations/update_9.5.x_to_10.0.0/transfer.php > %%WWWDIR%%/install/migrations/update_9.5.x_to_10.0.0/uuids.php > %%WWWDIR%%/install/mysql/.htaccess >+%%WWWDIR%%/install/mysql/glpi-0.80.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.5-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.6-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.80.7-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.5-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.6-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.7-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.8-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.83.9-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.5-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.6-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.7-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.84.8-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.85.5-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-0.90.5-empty.sql > %%WWWDIR%%/install/mysql/glpi-10.0.0-empty.sql > %%WWWDIR%%/install/mysql/glpi-10.0.1-empty.sql > %%WWWDIR%%/install/mysql/glpi-10.0.2-empty.sql >@@ -1278,6 +1345,22 @@ > %%WWWDIR%%/install/mysql/glpi-10.0.4-empty.sql > %%WWWDIR%%/install/mysql/glpi-10.0.5-empty.sql > %%WWWDIR%%/install/mysql/glpi-10.0.6-empty.sql >+%%WWWDIR%%/install/mysql/glpi-10.0.7-empty.sql >+%%WWWDIR%%/install/mysql/glpi-10.0.8-empty.sql >+%%WWWDIR%%/install/mysql/glpi-10.0.9-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.4-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.5-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.6-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.1.7-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.2.0-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.2.1-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.2.2-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.2.3-empty.sql >+%%WWWDIR%%/install/mysql/glpi-9.2.4-empty.sql > %%WWWDIR%%/install/mysql/glpi-9.3.0-empty.sql > %%WWWDIR%%/install/mysql/glpi-9.3.1-empty.sql > %%WWWDIR%%/install/mysql/glpi-9.3.2-empty.sql >@@ -1336,6 +1419,8 @@ > %%WWWDIR%%/js/marketplace.min.js > %%WWWDIR%%/js/misc.js > %%WWWDIR%%/js/misc.min.js >+%%WWWDIR%%/js/modules/Debug/Debug.js >+%%WWWDIR%%/js/modules/Debug/Debug.min.js > %%WWWDIR%%/js/modules/Kanban/Kanban.js > %%WWWDIR%%/js/modules/Kanban/Kanban.min.js > %%WWWDIR%%/js/modules/Search/GenericView.js >@@ -1361,6 +1446,17 @@ > %%WWWDIR%%/js/rack.min.js > %%WWWDIR%%/js/reservations.js > %%WWWDIR%%/js/reservations.min.js >+%%WWWDIR%%/js/webkit_fix.js >+%%WWWDIR%%/js/webkit_fix.min.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/LICENSE.txt >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload-process.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload-process.min.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload-validate.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload-validate.min.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.fileupload.min.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.iframe-transport.js >+%%WWWDIR%%/lib/blueimp/jquery-file-upload/jquery.iframe-transport.min.js > %%WWWDIR%%/lib/bundles/base.js > %%WWWDIR%%/lib/bundles/base.min.js > %%WWWDIR%%/lib/bundles/chartist.js >@@ -2410,10 +2506,20 @@ > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/ug.min.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/uk.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/uk.min.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/uz.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/uz.min.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/vi.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/vi.min.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh-Hans.js > %%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh-Hans.min.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh-Hant.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh-Hant.min.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_HK.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_HK.min.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_MO.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_MO.min.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_SG.js >+%%WWWDIR%%/public/lib/tinymce-i18n/langs6/zh_SG.min.js > %%WWWDIR%%/public/lib/tinymce.js > %%WWWDIR%%/public/lib/tinymce.js.map > %%WWWDIR%%/public/lib/tinymce.min.js >@@ -2715,6 +2821,17 @@ > %%WWWDIR%%/src/DCRoom.php > %%WWWDIR%%/src/Dashboard/Dashboard.php > %%WWWDIR%%/src/Dashboard/Filter.php >+%%WWWDIR%%/src/Dashboard/Filters/AbstractFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/DatesFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/DatesModFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/GroupTechFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/ItilCategoryFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/LocationFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/ManufacturerFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/RequestTypeFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/StateFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/TicketTypeFilter.php >+%%WWWDIR%%/src/Dashboard/Filters/UserTechFilter.php > %%WWWDIR%%/src/Dashboard/Grid.php > %%WWWDIR%%/src/Dashboard/Item.php > %%WWWDIR%%/src/Dashboard/Provider.php >@@ -2726,6 +2843,10 @@ > %%WWWDIR%%/src/DatabaseInstanceType.php > %%WWWDIR%%/src/Datacenter.php > %%WWWDIR%%/src/DbUtils.php >+%%WWWDIR%%/src/Debug/Profile.php >+%%WWWDIR%%/src/Debug/Profiler.php >+%%WWWDIR%%/src/Debug/ProfilerSection.php >+%%WWWDIR%%/src/Debug/Toolbar.php > %%WWWDIR%%/src/DeviceBattery.php > %%WWWDIR%%/src/DeviceBatteryModel.php > %%WWWDIR%%/src/DeviceBatteryType.php >@@ -2837,6 +2958,7 @@ > %%WWWDIR%%/src/HTMLTableUnknownHeadersOrder.php > %%WWWDIR%%/src/Holiday.php > %%WWWDIR%%/src/Html.php >+%%WWWDIR%%/src/Http/Firewall.php > %%WWWDIR%%/src/Http/ProxyRouter.php > %%WWWDIR%%/src/Http/Response.php > %%WWWDIR%%/src/IPAddress.php >@@ -3310,6 +3432,7 @@ > %%WWWDIR%%/src/USBVendor.php > %%WWWDIR%%/src/Unmanaged.php > %%WWWDIR%%/src/Update.php >+%%WWWDIR%%/src/UploadHandler.php > %%WWWDIR%%/src/User.php > %%WWWDIR%%/src/UserCategory.php > %%WWWDIR%%/src/UserEmail.php >@@ -3331,6 +3454,7 @@ > %%WWWDIR%%/templates/components/checkbox_matrix.html.twig > %%WWWDIR%%/templates/components/dashboard/widget_form.html.twig > %%WWWDIR%%/templates/components/dates_timeline.html.twig >+%%WWWDIR%%/templates/components/debug/debug_toolbar.html.twig > %%WWWDIR%%/templates/components/dropdown/limit.html.twig > %%WWWDIR%%/templates/components/form/buttons.html.twig > %%WWWDIR%%/templates/components/form/computerantivirus.html.twig >@@ -3394,6 +3518,7 @@ > %%WWWDIR%%/templates/components/modal.html.twig > %%WWWDIR%%/templates/components/pager.html.twig > %%WWWDIR%%/templates/components/photoswipe.html.twig >+%%WWWDIR%%/templates/components/plugin_uninstall_modal.html.twig > %%WWWDIR%%/templates/components/rss_feed.html.twig > %%WWWDIR%%/templates/components/search/controls.html.twig > %%WWWDIR%%/templates/components/search/display_data.html.twig >@@ -3402,7 +3527,6 @@ > %%WWWDIR%%/templates/components/user/info_card.html.twig > %%WWWDIR%%/templates/components/user/link_with_tooltip.html.twig > %%WWWDIR%%/templates/components/user/picture.html.twig >-%%WWWDIR%%/templates/debug_panel.html.twig > %%WWWDIR%%/templates/display_and_die.html.twig > %%WWWDIR%%/templates/dropdown_form.html.twig > %%WWWDIR%%/templates/generic_show_form.html.twig >@@ -3475,41 +3599,6 @@ > %%WWWDIR%%/templates/password_form.html.twig > %%WWWDIR%%/vendor/.htaccess > %%WWWDIR%%/vendor/autoload.php >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/LICENSE.txt >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/README.md >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/SECURITY.md >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/VULNERABILITIES.md >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/composer.json >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/css/jquery.fileupload-noscript.css >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/css/jquery.fileupload-ui-noscript.css >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/css/jquery.fileupload-ui.css >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/css/jquery.fileupload.css >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/docker-compose.yml >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/img/loading.gif >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/img/progressbar.gif >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/cors/jquery.postmessage-transport.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/cors/jquery.xdr-transport.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/demo.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-audio.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-image.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-process.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-ui.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-validate.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload-video.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.fileupload.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/jquery.iframe-transport.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/vendor/jquery.ui.widget.js >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/package-lock.json >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/package.json >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python/app.yaml >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python/main.py >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python/static/favicon.ico >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python/static/robots.txt >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/Dockerfile >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/UploadHandler.php >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/files/.htaccess >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/index.php >-%%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/php.ini > %%WWWDIR%%/vendor/brick/math/CHANGELOG.md > %%WWWDIR%%/vendor/brick/math/LICENSE > %%WWWDIR%%/vendor/brick/math/SECURITY.md >@@ -4793,6 +4882,8 @@ > %%WWWDIR%%/vendor/psr/http-message/LICENSE > %%WWWDIR%%/vendor/psr/http-message/README.md > %%WWWDIR%%/vendor/psr/http-message/composer.json >+%%WWWDIR%%/vendor/psr/http-message/docs/PSR7-Interfaces.md >+%%WWWDIR%%/vendor/psr/http-message/docs/PSR7-Usage.md > %%WWWDIR%%/vendor/psr/http-message/src/MessageInterface.php > %%WWWDIR%%/vendor/psr/http-message/src/RequestInterface.php > %%WWWDIR%%/vendor/psr/http-message/src/ResponseInterface.php >@@ -5459,7 +5550,6 @@ > %%WWWDIR%%/vendor/seld/jsonlint/LICENSE > %%WWWDIR%%/vendor/seld/jsonlint/README.md > %%WWWDIR%%/vendor/seld/jsonlint/composer.json >-%%WWWDIR%%/vendor/seld/jsonlint/phpstan.neon.dist > %%WWWDIR%%/vendor/seld/jsonlint/src/Seld/JsonLint/DuplicateKeyException.php > %%WWWDIR%%/vendor/seld/jsonlint/src/Seld/JsonLint/JsonParser.php > %%WWWDIR%%/vendor/seld/jsonlint/src/Seld/JsonLint/Lexer.php >@@ -5930,6 +6020,7 @@ > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/LICENSE > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/Mbstring.php > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/README.md >+%%WWWDIR%%/vendor/symfony/polyfill-mbstring/Resources/unidata/caseFolding.php > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/Resources/unidata/lowerCase.php > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/Resources/unidata/titleCaseRegexp.php > %%WWWDIR%%/vendor/symfony/polyfill-mbstring/Resources/unidata/upperCase.php >@@ -5950,6 +6041,7 @@ > %%WWWDIR%%/vendor/symfony/polyfill-php81/LICENSE > %%WWWDIR%%/vendor/symfony/polyfill-php81/Php81.php > %%WWWDIR%%/vendor/symfony/polyfill-php81/README.md >+%%WWWDIR%%/vendor/symfony/polyfill-php81/Resources/stubs/CURLStringFile.php > %%WWWDIR%%/vendor/symfony/polyfill-php81/Resources/stubs/ReturnTypeWillChange.php > %%WWWDIR%%/vendor/symfony/polyfill-php81/bootstrap.php > %%WWWDIR%%/vendor/symfony/polyfill-php81/composer.json >@@ -6499,7 +6591,7 @@ > %%WWWDIR%%/vendor/webmozart/assert/src/Assert.php > %%WWWDIR%%/vendor/webmozart/assert/src/InvalidArgumentException.php > %%WWWDIR%%/vendor/webmozart/assert/src/Mixin.php >-%%WWWDIR%%/version/10.0.7 >+%%WWWDIR%%/version/10.0.10 > @dir %%WWWDIR%%/ajax > @dir %%WWWDIR%%/bin > @dir %%WWWDIR%%/config >@@ -6579,10 +6671,14 @@ > @dir %%WWWDIR%%/install/migrations/update_10.0.4_to_10.0.5 > @dir %%WWWDIR%%/install/migrations/update_10.0.5_to_10.0.6 > @dir %%WWWDIR%%/install/migrations/update_10.0.6_to_10.0.7 >+@dir %%WWWDIR%%/install/migrations/update_10.0.7_to_10.0.8 >+@dir %%WWWDIR%%/install/migrations/update_10.0.8_to_10.0.9 >+@dir %%WWWDIR%%/install/migrations/update_10.0.9_to_10.0.10 > @dir %%WWWDIR%%/install/migrations/update_9.4.x_to_9.5.0 > @dir %%WWWDIR%%/install/migrations/update_9.5.x_to_10.0.0 > @dir %%WWWDIR%%/install/mysql > @dir %%WWWDIR%%/js >+@dir %%WWWDIR%%/js/modules/Debug/ > @dir %%WWWDIR%%/js/Forms > @dir %%WWWDIR%%/js/RichText > @dir %%WWWDIR%%/js/modules >@@ -6590,6 +6686,8 @@ > @dir %%WWWDIR%%/js/modules/Search > @dir %%WWWDIR%%/js/modules/SearchTokenizer > @dir %%WWWDIR%%/lib >+@dir %%WWWDIR%%/lib/blueimp/ >+@dir %%WWWDIR%%/lib/blueimp/jquery-file-upload/ > @dir %%WWWDIR%%/lib/bundles > @dir %%WWWDIR%%/locales > @dir %%WWWDIR%%/marketplace >@@ -6693,6 +6791,8 @@ > @dir %%WWWDIR%%/src/ContentTemplates/Parameters/ParametersTypes > @dir %%WWWDIR%%/src/Csv > @dir %%WWWDIR%%/src/Dashboard >+@dir %%WWWDIR%%/src/Dashboard/Filters/ >+@dir %%WWWDIR%%/src/Debug/ > @dir %%WWWDIR%%/src/Exception > @dir %%WWWDIR%%/src/Features > @dir %%WWWDIR%%/src/Http >@@ -6723,6 +6823,7 @@ > @dir %%WWWDIR%%/templates/central/lists > @dir %%WWWDIR%%/templates/components > @dir %%WWWDIR%%/templates/components/dashboard >+@dir %%WWWDIR%%/templates/components/debug/ > @dir %%WWWDIR%%/templates/components/dropdown > @dir %%WWWDIR%%/templates/components/form > @dir %%WWWDIR%%/templates/components/itilobject >@@ -6748,18 +6849,6 @@ > @dir %%WWWDIR%%/templates/pages/setup/general > @dir %%WWWDIR%%/templates/pages/tools > @dir %%WWWDIR%%/vendor >-@dir %%WWWDIR%%/vendor/blueimp >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/css >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/img >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/js >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/cors >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/js/vendor >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/server >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/gae-python/static >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php >-@dir %%WWWDIR%%/vendor/blueimp/jquery-file-upload/server/php/files > @dir %%WWWDIR%%/vendor/brick > @dir %%WWWDIR%%/vendor/brick/math > @dir %%WWWDIR%%/vendor/brick/math/src >@@ -6952,6 +7041,7 @@ > @dir %%WWWDIR%%/vendor/psr/http-factory > @dir %%WWWDIR%%/vendor/psr/http-factory/src > @dir %%WWWDIR%%/vendor/psr/http-message >+@dir %%WWWDIR%%/vendor/psr/http-message/docs/ > @dir %%WWWDIR%%/vendor/psr/http-message/src > @dir %%WWWDIR%%/vendor/psr/log > @dir %%WWWDIR%%/vendor/psr/log/Psr
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=245565">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
andrej
:
maintainer-approval?
Actions:
View
|
Diff
Attachments on
bug 272685
:
243581
|
245561
|
245562
|
245563
| 245565