Your message dated Sun, 19 Jan 2020 22:52:45 +0000
with message-id <e1itjqz-0006nq...@fasolo.debian.org>
and subject line Bug#867719: fixed in phpldapadmin 1.2.2-6.2
has caused the Debian Bug report #867719,
regarding phpldapadmin: CVE-2017-11107
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
867719: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867719
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: phpldapadmin
Version: 1.2.2-5
Severity: important
Tags: security upstream
Forwarded: https://github.com/leenooks/phpLDAPadmin/issues/50
Hi,
the following vulnerability was published for phpldapadmin.
CVE-2017-11107[0]:
| phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the
| form, element, rdn, or container parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-11107
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11107
[1] https://github.com/leenooks/phpLDAPadmin/issues/50
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: phpldapadmin
Source-Version: 1.2.2-6.2
We believe that the bug you reported is fixed in the latest version of
phpldapadmin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Simone Rossetto <simro...@gmail.com> (supplier of updated phpldapadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 Jan 2020 22:48:01 +0100
Source: phpldapadmin
Architecture: source
Version: 1.2.2-6.2
Distribution: unstable
Urgency: medium
Maintainer: Fabio Tranchitella <kob...@debian.org>
Changed-By: Simone Rossetto <simro...@gmail.com>
Closes: 731871 867719 878613 890127
Changes:
 phpldapadmin (1.2.2-6.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix "phpLDAPadmin uses features that are deprecated in PHP 7.2"
     replacing __autoload() and create_function() with spl_autoload_register()
     and function() functions. Thanks to Lars Kollstedt for providing a
     cumulative patch in message #20 of bug report (Closes: #890127).
   * Fix "binary package embeds .pc directory" removing '.pc' subfolder
     at the end of install step of debian/rules file (Closes: #878613).
   * CVE-2017-11107: XSS vulnerabilities, patch provided by Antoine
     Beaupre <anar...@orangeseeds.org> (Closes: #867719).
   * Bug #731871 already fixed in previous revision setting ownership
     root:www-data to folder /etc/phpldapadmin/templates (Closes: #731871).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---