[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
** Changed in: phpldapadmin
       Status: Confirmed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1701731

Title: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting

To manage notifications about this bug go to:
https://bugs.launchpad.net/phpldapadmin/+bug/1701731/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
** Changed in: phpldapadmin
       Status: Unknown => Confirmed
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
** Bug watch added: Debian Bug tracker #867719
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719

** Also affects: phpldapadmin via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719
   Importance: Unknown
       Status: Unknown
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
This bug was fixed in the package phpldapadmin - 1.2.2-5.2ubuntu2.1

---
phpldapadmin (1.2.2-5.2ubuntu2.1) xenial-security; urgency=low

  * SECURITY UPDATE: Multiple Cross-Site Scripting vulnerabilities in file
    htdocs/entry_chooser.php (LP: #1701731)
    - debian/patches/fix-XSS-3.patch: sanitize user inputs in file
      htdocs/entry_chooser.php.
    - CVE-2017-11107

 -- Ismail Belkacim  Fri, 07 Jul 2017 05:38:54 -0700

** Changed in: phpldapadmin (Ubuntu)
       Status: Triaged => Fix Released
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Thanks for providing the debdiff. This package has been built and is available in the security-proposed PPA for testing. https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-11107
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Very nice, thanks; I've asked what I think is upstream for feedback:
https://github.com/leenooks/phpLDAPadmin/issues/50

Thanks

** Bug watch added: github.com/leenooks/phpLDAPadmin/issues #50
   https://github.com/leenooks/phpLDAPadmin/issues/50
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Hello Seth,

Thank you for replying. I hope this one will do.

** Patch added: "phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+attachment/4910883/+files/phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Hello Ismail, thanks for taking on this task. There's a few small things that I'd like changed before we sponsor this:

- Since Ubuntu doesn't really have package 'maintainers', there's no need to point out it's a non-maintainer upload

- We like the security updates to all have consistent formatting as described on:
  https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging

- We like the patches to have DEP-3 tags to indicate at least where the patch came from, so future readers can verify patches independently. (While DEP-3 is kind of complicated and involved, it's basically just adding Subject: with something short and descriptive and Origin: with a link to the patch.) The full DEP-3 guide is at http://dep.debian.net/deps/dep3/ but don't feel compelled to read it unless I did a poor job describing it here.

Could you submit a new patch with these items fixed up?

Thanks
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
** Changed in: phpldapadmin (Ubuntu)
       Status: Incomplete => Triaged
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
The attachment "phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

** Tags added: patch
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Here is a debdiff.

** Patch added: "phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff"
   https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731/+attachment/4907494/+files/phpldapadmin_1.2.2-5.2ubuntu2.1.debdiff
[Bug 1701731] Re: phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

** Changed in: phpldapadmin (Ubuntu)
       Status: New => Incomplete

** Information type changed from Private Security to Public Security