UbuntuUpdates.org

Package "ampache-common"

Name: ampache-common

Description:

web-based audio file management system common files

Latest version: 3.6-rzb2779+dfsg-0ubuntu9.2
Release: xenial (16.04)
Level: updates
Repository: universe
Head package: ampache
Homepage: http://www.ampache.org

Links


Download "ampache-common"


Other versions of "ampache-common" in Xenial

Repository Area Version
base universe 3.6-rzb2779+dfsg-0ubuntu9
security universe 3.6-rzb2779+dfsg-0ubuntu9.2

Changelog

Version: 3.6-rzb2779+dfsg-0ubuntu9.2 2021-01-14 22:06:15 UTC

  ampache (3.6-rzb2779+dfsg-0ubuntu9.2) xenial-security; urgency=medium

  * SECURITY UPDATE: SQL Injection and XSS vulnerabilities
    - debian/patches/04_CVE-2019-12385_CVE-2019-12386.patch: Fix search engine
      and the LocalPlay "add instance" functionality.
    - CVE-2019-12385
    - CVE-2019-12386

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 12 Jan 2021 13:26:25 +0000

Source diff to previous version
CVE-2019-12385 An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.clas
CVE-2019-12386 An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay "add instance" functionality. The injected code

Version: 3.6-rzb2779+dfsg-0ubuntu9.1 2016-08-11 21:06:35 UTC

  ampache (3.6-rzb2779+dfsg-0ubuntu9.1) xenial; urgency=medium

  * debian/patches/04_rename_error_to_amperror.patch: Backport 'Rename
    Error class to AmpError (fix php7 Error class name conflict)'.
    Closes LP: #1578201.

 -- Nishanth Aravamudan <email address hidden> Fri, 24 Jun 2016 08:21:47 -0700

1578201 ampache does not work on xenial/php7



About   -   Send Feedback to @ubuntu_updates