-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
the first problem in user listing cannot be reproduced: * The filter value which should contain malicious code is correctly sanitized with htmlspecialchars() in LAM 3.6 and 3.1.0-2 (stable). * list.php-filter-Dateien/error.png is not a script that is included in LAM The other points are under investigation. I will work on a patch. Best regards Roland Am 02.03.2012 14:16, schrieb Moritz Muehlenhoff: > Package: ldap-account-manager > Severity: grave > Tags: security > > The following was reported to full-disclosure: > http://www.vulnerability-lab.com/get_content.php?id=458 > > Cheers, > Moritz > > > - -- Mit freundlichen Grüßen Roland Gruber -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9RNyQACgkQq/ywNCsrGZ6k8QCeP9+Ii9eD0kj/5hJHVRUN/Zom R2MAn2d38e0C8fAsJkinZRBE9RzILJ2W =DPNE -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
