Bug#339583: marked as done (egroupware-phpldapadmin: phpldapadmin security fixes)

Mon, 28 Nov 2005 03:33:50 -0800 

Your message dated Mon, 28 Nov 2005 12:21:52 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339583: egroupware-phpldapadmin: phpldapadmin security 
fixes
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Nov 2005 10:22:33 +0000
>From [EMAIL PROTECTED] Thu Nov 17 02:22:33 2005
Return-path: <[EMAIL PROTECTED]>
Received: from inutil.org ([193.22.164.111] 
helo=vserver151.vserver151.serverflex.de)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1EcguX-0002WO-7w
        for [EMAIL PROTECTED]; Thu, 17 Nov 2005 02:22:33 -0800
Received: from jmm by vserver151.vserver151.serverflex.de with local (Exim 4.50)
        id 1EcguW-0006wY-C3; Thu, 17 Nov 2005 11:22:32 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: egroupware-phpldapadmin: phpldapadmin security fixes
X-Mailer: reportbug 3.17
Date: Thu, 17 Nov 2005 11:22:32 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
X-SA-Exim-Scanned: No (on vserver151.vserver151.serverflex.de); SAEximRunCond 
expanded to false
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02

Package: egroupware-phpldapadmin
Severity: grave
Tags: security
Justification: user security hole

egroupware-phpldapadmin contains a shared/forked(?) copy of
phpldapadmin. There have been a couple of security problems
in phpldapadmin, namely:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2654
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2792
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2793

Have these problems been addressed in egroupware-phpldapadmin
or is it non-vulnerable?

Cheers,
         Moritz
-- System Information:
Debian Release: 3.1
  APT prefers stable
  APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.29-vs1.2.10
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

---------------------------------------
Received: (at 339583-done) by bugs.debian.org; 28 Nov 2005 11:21:58 +0000
>From [EMAIL PROTECTED] Mon Nov 28 03:21:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ipx11302.ipxserver.de ([212.112.227.254] helo=gauss.credativ.com)
        by spohr.debian.org with esmtp (Exim 4.50)
        id 1Egh54-0004Bd-8s
        for [EMAIL PROTECTED]; Mon, 28 Nov 2005 03:21:58 -0800
Received: from colt.pezone.net (dslb-084-063-019-238.pools.arcor-ip.net 
[84.63.19.238])
        (using TLSv1 with cipher RC4-MD5 (128/128 bits))
        (No client certificate requested)
        by gauss.credativ.com (Postfix) with ESMTP id 89319D7657;
        Mon, 28 Nov 2005 12:21:56 +0100 (CET)
From: Peter Eisentraut <[EMAIL PROTECTED]>
To: Moritz Muehlenhoff <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Bug#339583: egroupware-phpldapadmin: phpldapadmin security fixes
Date: Mon, 28 Nov 2005 12:21:52 +0100
User-Agent: KMail/1.8.2
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[EMAIL PROTECTED]>
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Moritz Muehlenhoff wrote:
> egroupware-phpldapadmin contains a shared/forked(?) copy of
> phpldapadmin. There have been a couple of security problems
> in phpldapadmin, namely:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2654
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2792
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2793
>
> Have these problems been addressed in egroupware-phpldapadmin
> or is it non-vulnerable?

These vulnerabilities only apply to newer versions than the one included 
in egroupware.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to