Your message dated Sun, 03 Jan 2010 11:03:32 +0000
with message-id <e1nrofa-0003iq...@ries.debian.org>
and subject line Bug#561975: fixed in phpldapadmin 1.1.0.7-1.1
has caused the Debian Bug report #561975,
regarding CVE-2009-4427: Local file inclusion vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
561975: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561975
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: phpldapadmin
Severity: grave
Tags: security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
A vulnerability has been discovered on phpLDAPadmin, which can be exploited by
malicious people to disclose sensitive information.
Input passed via the "cmd" parameter to cmd.php is not properly verified before
being used to include files. This can be exploited to include arbitrary files
from local resources.
See: http://www.exploit-db.com/exploits/10410
http://secunia.com/advisories/37848/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAksvsR8ACgkQNxpp46476aqtuQCgj81pPrUhqj6AJrWiRfD7BILB
ghgAn3lQTCTMPIVPnKK+UXKVaY4G7FcW
=thz2
-----END PGP SIGNATURE-----
--- End Message ---
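The class of bug described in the report above, shown from the fixing side as an added example (this is not phpLDAPadmin's code and not the Debian patch): when a request parameter selects a script to include, restrict it to a plain identifier and confirm that the resolved path stays inside the script directory. The helper name `resolve_cmd_script`, the directory layout and the `welcome` fallback are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Added example: map a request parameter to an includable script.
 * Hypothetical helper; names and directory layout are assumptions,
 * not taken from phpLDAPadmin.
 */
function resolve_cmd_script(?string $cmd, string $scriptDir, string $default = 'welcome'): string
{
    // 1. Syntax check: plain identifier only, so no slashes, dots,
    //    NUL bytes or stream wrappers can reach a filesystem call.
    if ($cmd === null || preg_match('/\A[a-z][a-z0-9_]{0,63}\z/', $cmd) !== 1) {
        $cmd = $default;
    }

    // 2. Canonicalise; realpath() resolves symlinks and returns false
    //    when the target does not exist.
    $base = realpath($scriptDir);
    if ($base === false) {
        throw new RuntimeException('script directory missing');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $cmd . '.php');

    // 3. Containment check: the resolved file must sit directly in the
    //    script directory (covers symlinked entries pointing elsewhere).
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        $path = realpath($base . DIRECTORY_SEPARATOR . $default . '.php');
        if ($path === false || dirname($path) !== $base) {
            throw new RuntimeException('default script missing');
        }
    }
    return $path;
}

// Self-check against a constructed directory and constructed inputs.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cmd_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/welcome.php", "<?php // constructed\n");
file_put_contents("$dir/login_form.php", "<?php // constructed\n");

foreach (['login_form', 'no_such_cmd', '../outside', "login_form\0.txt", null] as $input) {
    printf("%-40s -> %s\n", var_export($input, true), basename(resolve_cmd_script($input, $dir)));
}

// Remove the constructed files again.
array_map('unlink', glob("$dir/*.php"));
rmdir($dir);
```

Only `login_form` resolves to its own script; every other input falls back to `welcome.php`, and the caller passes the returned absolute path to `require` instead of the raw parameter.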
--- Begin Message ---
Source: phpldapadmin
Source-Version: 1.1.0.7-1.1
We believe that the bug you reported is fixed in the latest version of
phpldapadmin, which is due to be installed in the Debian FTP archive:
phpldapadmin_1.1.0.7-1.1.diff.gz
to main/p/phpldapadmin/phpldapadmin_1.1.0.7-1.1.diff.gz
phpldapadmin_1.1.0.7-1.1.dsc
to main/p/phpldapadmin/phpldapadmin_1.1.0.7-1.1.dsc
phpldapadmin_1.1.0.7-1.1_all.deb
to main/p/phpldapadmin/phpldapadmin_1.1.0.7-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 561...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated phpldapadmin
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 03 Jan 2010 11:47:29 +0100
Source: phpldapadmin
Binary: phpldapadmin
Architecture: source all
Version: 1.1.0.7-1.1
Distribution: unstable
Urgency: high
Maintainer: Fabio Tranchitella <kob...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
phpldapadmin - web based interface for administering LDAP servers
Closes: 561975
Changes:
phpldapadmin (1.1.0.7-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-4427 (Closes: #561975)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktAdq0ACgkQNxpp46476apsZACePbkU5cBPst5YPivS6BCIWDKj
WPwAoIyrjAy5E0GKLn3Kdza1V6DdchNE
=8tTT
-----END PGP SIGNATURE-----
--- End Message ---