Getting phpldapadmin (CVE-2018-12869) fixed

2018-07-31 Thread Mike Gabriel
Hi, today I have looked into fixing CVE-2018-12689 for phpldapadmin. The code is full of potential passages that might actually trigger the exploit behind CVE-2018-12689. This surely needs some deeper investigation. I also tried to reproduce the exploit for CVE-2018-12689 against a

Re: Jessie update of network-manager-vpnc?

2018-07-31 Thread Mike Gabriel
Hi Michael, On Sa 21 Jul 2018 01:22:50 CEST, Michael Biebl wrote: Am 21.07.2018 um 00:13 schrieb Mike Gabriel: Dear maintainer(s), The Debian LTS team would like to fix the security issues which are currently open in the Jessie version of network-manager-vpnc:

[SECURITY] [DLA 1454-1] network-manager-vpnc security update

2018-07-31 Thread Mike Gabriel
Package: network-manager-vpnc Version: 0.9.10.0-1+deb8u1 CVE ID : CVE-2018-10900 Debian Bug : 904255 Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline