CVE-2020-35132 (https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474): An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. Maintainers, please bump.
Package list is empty or all packages have requested keywords.
Ping, anyone there?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10d9ee0653bff1e38164409ab38d4bded0148527 commit 10d9ee0653bff1e38164409ab38d4bded0148527 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-04-23 21:06:45 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-05-31 22:12:09 +0000 net-nds/phpldapadmin: bump to 1.2.6.3 Bug: https://bugs.gentoo.org/760537 Closes: https://bugs.gentoo.org/755701 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/25172 Signed-off-by: Sam James <sam@gentoo.org> net-nds/phpldapadmin/Manifest | 1 + net-nds/phpldapadmin/phpldapadmin-1.2.6.3.ebuild | 51 ++++++++++++++++++++++++ 2 files changed, 52 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0cc413c8e931c7565843a2edb218dfe8c5d017e9 commit 0cc413c8e931c7565843a2edb218dfe8c5d017e9 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-08-28 22:10:16 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-08-29 18:39:09 +0000 net-nds/phpldapadmin: drop vulnerable 1.2.5, EAPI-6-- Bug: https://bugs.gentoo.org/760537 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> net-nds/phpldapadmin/Manifest | 1 - net-nds/phpldapadmin/phpldapadmin-1.2.5.ebuild | 51 -------------------------- 2 files changed, 52 deletions(-)
Thanks asturm! All done