UbuntuUpdates.org

Package "ampache-common"

Name: ampache-common

Description:

web-based audio file management system common files

Latest version: 3.6-rzb2779+dfsg-0ubuntu9.2
Release: xenial (16.04)
Level: security
Repository: universe
Head package: ampache
Homepage: http://www.ampache.org

Links


Download "ampache-common"


Other versions of "ampache-common" in Xenial

Repository Area Version
base universe 3.6-rzb2779+dfsg-0ubuntu9
updates universe 3.6-rzb2779+dfsg-0ubuntu9.2

Changelog

Version: 3.6-rzb2779+dfsg-0ubuntu9.2 2021-01-14 20:07:14 UTC

  ampache (3.6-rzb2779+dfsg-0ubuntu9.2) xenial-security; urgency=medium

  * SECURITY UPDATE: SQL Injection and XSS vulnerabilities
    - debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch: Fix search engine
      and the LocalPlay "add instance" functionality.
    - CVE-2019-12385
    - CVE-2019-12386

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 12 Jan 2021 13:26:25 +0000

CVE-2019-12385 An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.clas
CVE-2019-12386 An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code



About   -   Send Feedback to @ubuntu_updates