gosa (2.7.4+reloaded2-9ubuntu1.1) xenial-security; urgency=medium
  * SECURITY UPDATE: Server-Side Reflected XSS vulnerability
    - debian/patches/0013_escape-html-entities-for-uid-to-avoid-code-execution-
      CVE-2018-1000528.patch: Sanitize the uid POST parameter in
      html/password.php.
    - CVE-2018-1000528
  * SECURITY UPDATE: Incorrect Access Control
    - debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch: Use a
      stricter error check in ldap::success() of include/class_ldap.inc.
    - CVE-2019-11187
  * SECURITY UPDATE: PHP object injection vulnerability
    - debian/patches/1047_CVE-2019-14466-{1,2}_replace_unserialize_with_json_
      encode+json_decode.patch: Replace serialize/unserialize with
      json_encode/json_decode and perform type-checking on return value.
    - CVE-2019-14466
Date: 2020-10-19 23:04:13.536968+00:00
Changed-By: Avital Ostromich <[email protected]>
Signed-By: Ubuntu Archive Robot <[email protected]>
https://launchpad.net/ubuntu/+source/gosa/2.7.4+reloaded2-9ubuntu1.1