From: "Girar awaiter (zidex)" <girar-builder@altlinux.org>
To: Pavel Zilke <zidex@altlinux.org>
Cc: sisyphus-incominger@lists.altlinux.org,
girar-builder-p11@altlinux.org,
girar-builder-p11@lists.altlinux.org
Subject: [#377682] p11 EPERM glpi.git=10.0.18-alt1
Date: Tue, 11 Mar 2025 18:16:44 +0000
Message-ID: <girar.task.377682.1.1@gyle.mskdc.altlinux.org> (raw)
https://git.altlinux.org/tasks/377682/logs/events.1.1.log
https://packages.altlinux.org/tasks/377682
subtask name aarch64 i586 x86_64
#100 glpi 1:55 1:26 1:19
2025-Mar-11 18:10:28 :: task #377682 for p11 started by zidex:
2025-Mar-11 18:10:28 :: message: security_fix
#100 build 10.0.18-alt1 from /people/zidex/packages/glpi.git fetched at 2025-Mar-11 17:46:00
2025-Mar-11 18:10:30 :: [i586] #100 glpi.git 10.0.18-alt1: build start
2025-Mar-11 18:10:30 :: [aarch64] #100 glpi.git 10.0.18-alt1: build start
2025-Mar-11 18:10:30 :: [x86_64] #100 glpi.git 10.0.18-alt1: build start
2025-Mar-11 18:11:49 :: [x86_64] #100 glpi.git 10.0.18-alt1: build OK
2025-Mar-11 18:11:56 :: [i586] #100 glpi.git 10.0.18-alt1: build OK
2025-Mar-11 18:12:25 :: [aarch64] #100 glpi.git 10.0.18-alt1: build OK
2025-Mar-11 18:12:46 :: #100: glpi.git 10.0.18-alt1: build check OK
2025-Mar-11 18:12:47 :: build check OK
2025-Mar-11 18:13:02 :: noarch check OK
2025-Mar-11 18:13:03 :: plan: src +1 -1 =19574, noarch +5 -5 =20457
#100 glpi 10.0.17-alt1 -> 10.0.18-alt1
Wed Feb 12 2025 Pavel Zilke <zidex@altlinux> 10.0.18-alt1
- New version 10.0.18
- This release fixes a security issue that has been recently discovered. Update is recommended!
- Security fixes:
+ CVE-2025-24799 : Unauthenticated SQL injection through the inventory endpoint
+ CVE-2025-24801 : Authenticated Remote code execution
+ CVE-2025-21619 : SQL injection through the rules configuration
+ CVE-2024-11955 : Open Redirection
+ CVE-2025-21627 : Reflected XSS in search page
+ CVE-2025-21626 : Exposure of sensitive information in the status.php endpoint
[...]
2025-Mar-11 18:13:04 :: glpi: mentions vulnerabilities: CVE-2025-24799 CVE-2025-24801 CVE-2025-21619 CVE-2024-11955 CVE-2025-21627 CVE-2025-21626 CVE-2025-23024 CVE-2025-23046 CVE-2025-25192
2025-Mar-11 18:13:32 :: patched apt indices
2025-Mar-11 18:13:42 :: created next repo
2025-Mar-11 18:13:51 :: duplicate provides check OK
2025-Mar-11 18:14:30 :: dependencies check OK
2025-Mar-11 18:14:47 :: [x86_64] #100 glpi: install check OK
2025-Mar-11 18:14:48 :: [i586] #100 glpi: install check OK
2025-Mar-11 18:14:58 :: [aarch64] #100 glpi: install check OK
2025-Mar-11 18:14:59 :: [x86_64] #100 glpi-apache2: install check OK
2025-Mar-11 18:15:00 :: [i586] #100 glpi-apache2: install check OK
2025-Mar-11 18:15:10 :: [x86_64] #100 glpi-php8.1: install check OK
2025-Mar-11 18:15:12 :: [i586] #100 glpi-php8.1: install check OK
2025-Mar-11 18:15:16 :: [aarch64] #100 glpi-apache2: install check OK
2025-Mar-11 18:15:21 :: [x86_64] #100 glpi-php8.2: install check OK
2025-Mar-11 18:15:24 :: [i586] #100 glpi-php8.2: install check OK
2025-Mar-11 18:15:32 :: [x86_64] #100 glpi-php8.3: install check OK
2025-Mar-11 18:15:34 :: [aarch64] #100 glpi-php8.1: install check OK
2025-Mar-11 18:15:36 :: [i586] #100 glpi-php8.3: install check OK
2025-Mar-11 18:15:52 :: [aarch64] #100 glpi-php8.2: install check OK
2025-Mar-11 18:16:11 :: [aarch64] #100 glpi-php8.3: install check OK
2025-Mar-11 18:16:12 :: gears inheritance check OK
2025-Mar-11 18:16:12 :: srpm inheritance check OK
girar-check-perms: access to glpi DENIED for zidex: project `glpi' is not listed in the acl file for repository `p11', and the policy for such projects in `p11' is to deny
check-subtask-perms: #100: glpi: needs approvals from members of @maint and @tester groups
2025-Mar-11 18:16:13 :: acl check FAILED
2025-Mar-11 18:16:34 :: created contents_index files
2025-Mar-11 18:16:40 :: created hash files: noarch src
2025-Mar-11 18:16:44 :: task #377682 for p11 EPERM
reply other threads:[~2025-03-11 18:16 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=girar.task.377682.1.1@gyle.mskdc.altlinux.org \
--to=girar-builder@altlinux.org \
--cc=devel@lists.altlinux.org \
--cc=girar-builder-p11@altlinux.org \
--cc=girar-builder-p11@lists.altlinux.org \
--cc=sisyphus-incominger@lists.altlinux.org \
--cc=zidex@altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Girar Builder robot reports
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-incominger/0 sisyphus-incominger/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-incominger sisyphus-incominger/ http://lore.altlinux.org/sisyphus-incominger \
sisyphus-incominger@lists.altlinux.org sisyphus-incominger@lists.altlinux.ru sisyphus-incominger@lists.altlinux.com
public-inbox-index sisyphus-incominger
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-incominger
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git