-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I sent a patch for Unstable to my sponsor. This should be uploaded soon.
For Stable the patch is attached. The Stable version is not affected by
the bug in add_value_form.php.
As written before, the report about the problem in list view is
clone 661904 -1
reassign -1 phpldapadmin
stop
This problem is located in the phpLDAPadmin part of LAM's code.
Therefore, the phpldapadmin package is also affected.
Patches for LAM upstream that may be ported to PLA:
Package: ldap-account-manager
Severity: grave
Tags: security
The following was reported to full-disclosure:
http://www.vulnerability-lab.com/get_content.php?id=458
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
the first problem in user listing cannot be reproduced:
* The filter value which should contain malicious code is correctly
sanitized with htmlspecialchars() in LAM 3.6 and 3.1.0-2 (stable).
* list.php-filter-Dateien/error.png is not a script
4 matches
Mail list logo
