[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2020-01-20 Thread Bug Watch Updater 
** Changed in: phpldapadmin
   Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2018-11-07 Thread Bug Watch Updater 
** Changed in: phpldapadmin
   Status: Unknown => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2018-10-31 Thread anarcat 
** Bug watch added: Debian Bug tracker #867719
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719

** Also affects: phpldapadmin via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-09-19 Thread Launchpad Bug Tracker 
This bug was fixed in the package phpldapadmin - 1.2.2-5.2ubuntu2.1

---
phpldapadmin (1.2.2-5.2ubuntu2.1) xenial-security; urgency=low

  * SECURITY UPDATE: Multiple Cross-Site Scripting vulnerabilities in
file htdocs/entry_chooser.php (LP: #1701731)
- debian/patches/fix-XSS-3.patch: sanitize user inputs in
  file htdocs/entry_chooser.php.
- CVE-2017-11107

 -- Ismail Belkacim   Fri, 07 Jul 2017 05:38:54 -0700

** Changed in: phpldapadmin (Ubuntu)
   Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-09-14 Thread Emily Ratliff 
Thanks for providing the debdiff. This package has been built and is available 
in the security-proposed PPA for testing.
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-09 Thread Ismail 
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11107

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-07 Thread Seth Arnold 
Very nice, thanks; I've asked what I think is upstream for feedback
https://github.com/leenooks/phpLDAPadmin/issues/50

Thanks

** Bug watch added: github.com/leenooks/phpLDAPadmin/issues #50
   https://github.com/leenooks/phpLDAPadmin/issues/50

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-07 Thread Ismail 
Hello Seth, Thank you for replying.

I hope this one will do.

** Patch added: "phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+attachment/4910883/+files/phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-06 Thread Seth Arnold 
Hello Ismail, thanks for taking on this task.

There's a few small things that I'd like changed before we sponsor this:

- Since Ubuntu doesn't really have package 'maintainers', there's no need to 
point out it's a non-maintainer upload
- We like the security updates to all have consistent formatting as described 
on: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging
- We like the patches to have DEP-3 tags to indicate at least where the patch 
came from, so future readers can verify patches independently. (While DEP-3 is 
kind of complicated and involved, it's basically just adding Subject: with 
something short and descriptive and Origin: with a link to the patch.) The full 
DEP-3 guide is at http://dep.debian.net/deps/dep3/ but don't feel compelled to 
read it unless I did a poor job describing it here.

Could you submit a new patch with these items fixed up?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-05 Thread Seth Arnold 
** Changed in: phpldapadmin (Ubuntu)
   Status: Incomplete => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-01 Thread Ubuntu Foundations Team Bug Bot 
The attachment "phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff" seems to be a
debdiff.  The ubuntu-sponsors team has been subscribed to the bug report
so that they can review and hopefully sponsor the debdiff.  If the
attachment isn't a patch, please remove the "patch" flag from the
attachment, remove the "patch" tag, and if you are member of the
~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-07-01 Thread Ismail 
Here is a debdiff.

** Patch added: "phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff"
   
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+attachment/4907494/+files/phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

2017-06-30 Thread Seth Arnold 
Thanks for taking the time to report this bug and helping to make Ubuntu
better. Since the package referred to in this bug is in universe or
multiverse, it is community maintained. If you are able, I suggest
coordinating with upstream and posting a debdiff for this issue. When a
debdiff is available, members of the security team will review it and
publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Changed in: phpldapadmin (Ubuntu)
   Status: New => Incomplete

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title:
  phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site
  Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs