Bug 636620
Summary: | pgpoolAdmin: multiple vulnerabilities in embedded Smarty (2.6.13) |
---|---|
Product: | [Other] Security Response |
Component: | vulnerability |
Reporter: | Vincent Danen <vdanen> |
Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA |
Severity: | medium |
Priority: | medium |
Version: | unspecified |
CC: | devrim, security-response-team |
Keywords: | Security |
Hardware: | All |
OS: | Linux |
Doc Type: | Bug Fix |
Clone Of: | 636615 |
Last Closed: | 2021-10-19 09:14:25 UTC |
Bug Depends On: | 637226, 847367 |
Description
Vincent Danen
2010-09-22 17:53:01 UTC
Used upstream's contact form to make them aware of the issue. Will wait a bit to see if we get a response before making this public.

Upstream has reported that versions 2.3.1 and 3.0.1 have been released, which embed Smarty 2.6.26:

http://pgfoundry.org/frs/download.php/2804/pgpoolAdmin-2.3.1.tar.gz
http://pgfoundry.org/frs/download.php/2805/pgpoolAdmin-3.0.1.tar.gz

They also note that version 2.2 is no longer maintained, so we should upgrade to one of the above versions.

Created postgresql-pgpoolAdmin tracking bugs for this issue

Affects: fedora-all [bug 637226]

Ok, I'm on it.

(In reply to comment #4)
> Ok, I'm on it.

Any progress on this yet?

This is still unfixed in Fedora from what I can see. Can this be taken care of soon? It's quite old.

postgresql-pgpoolAdmin-3.1.1-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.

postgresql-pgpoolAdmin-3.1.1-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.

EPEL5 still contains version 2.2, which is vulnerable. Fedora is ok.

Created postgresql-pgpoolAdmin tracking bugs for this issue

Affects: epel-5 [bug 847367]