Debian Bug report logs -
#867719
phpldapadmin: CVE-2017-11107
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Fabio Tranchitella <kobold@debian.org>:
Bug#867719; Package src:phpldapadmin.
(Sat, 08 Jul 2017 21:33:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Fabio Tranchitella <kobold@debian.org>.
(Sat, 08 Jul 2017 21:33:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: phpldapadmin
Version: 1.2.2-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/leenooks/phpLDAPadmin/issues/50
Hi,
the following vulnerability was published for phpldapadmin.
CVE-2017-11107[0]:
| phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the
| form, element, rdn, or container parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11107
[1] https://github.com/leenooks/phpLDAPadmin/issues/50
Regards,
Salvatore
Severity set to 'grave' from 'important'
Request was from Moritz Muehlenhoff <jmm@debian.org>
to control@bugs.debian.org.
(Wed, 31 Oct 2018 17:51:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Fabio Tranchitella <kobold@debian.org>:
Bug#867719; Package src:phpldapadmin.
(Wed, 31 Oct 2018 17:57:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupre <anarcat@orangeseeds.org>:
Extra info received and forwarded to list. Copy sent to Fabio Tranchitella <kobold@debian.org>.
(Wed, 31 Oct 2018 17:57:02 GMT) (full text, mbox, link).
Message #12 received at 867719@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags 867719 +patch
The attached patch fixes the issue and was applied to the wheezy and
jessie versions of the package.
It comes from the Ubuntu version of this same bug:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
[CVE-2017-11107.patch (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Added tag(s) patch.
Request was from Antoine Beaupre <anarcat@orangeseeds.org>
to 867719-submit@bugs.debian.org.
(Wed, 31 Oct 2018 17:57:03 GMT) (full text, mbox, link).
Added tag(s) fixed-upstream.
Request was from debian-bts-link@lists.debian.org
to control@bugs.debian.org.
(Thu, 18 Apr 2019 19:27:19 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:50:21 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon