Bug 636078 (CVE-2017-11107)

Summary: <net-nds/phpldapadmin-1.2.5: Cross-site scripting vulnerability (CVE-2017-11107)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: jmbsvicetto, web-apps
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~4 [noglsa cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-31 17:04:21 UTC
CVE-2017-11107 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-11107):
  phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form,
  element, rdn, or container parameter.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-31 17:05:06 UTC
@Maintainers, please let us know when the tree is clean of vulnerable versions.

Thank you

Comment 2 Brian Evans (RETIRED) gentoo-dev 2019-08-08 14:29:36 UTC
Version 1.2.4 has been released on GitHub (which is listed on the SourceForge project). The new version fixes this CVE.

https://github.com/leenooks/phpLDAPadmin

Comment 3 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2019-08-22 19:36:27 UTC
I've just added 1.2.5 to my overlay[1]. I'll try to get some feedback / testing before adding it to the tree and cleaning the old versions.

[1] - https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=b4b8775f679d50bf9efb33f6b8c60f3e4674b9a1

Comment 4 Volkmar Glauche 2019-12-03 08:28:48 UTC
(In reply to Jorge Manuel B. S. Vicetto from comment #3)
> I've just added 1.2.5 to my overlay[1]. I'll try to get some feedback /
> testing before adding it to the tree and cleaning the old versions.

phpldapadmin 1.2.5 from your overlay installs and works fine for me. In addition to the security fixes, it also fixes compatibility issues for newer PHP releases. Many thanks for this ebuild!

Comment 5 Larry the Git Cow gentoo-dev 2019-12-05 16:55:38 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1f05440273176500cd8e206e05c6cf1bf15ba1b

commit d1f05440273176500cd8e206e05c6cf1bf15ba1b
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-12-05 16:54:36 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-12-05 16:54:50 +0000

    net-nds/phpldapadmin: Bump to 1.2.5 release. Security release.
    
    This release fixes (CVE-2017-11107).
    Bug: https://bugs.gentoo.org/636078
    Closes: https://bugs.gentoo.org/561900
    Closes: https://bugs.gentoo.org/688056
    Package-Manager: Portage-2.3.79, Repoman-2.3.18
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 net-nds/phpldapadmin/Manifest                  |  1 +
 net-nds/phpldapadmin/phpldapadmin-1.2.5.ebuild | 51 ++++++++++++++++++++++++++
 2 files changed, 52 insertions(+)

Comment 6 Larry the Git Cow gentoo-dev 2019-12-05 17:25:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c127ce311c640ca3231d6eb013f47ffd298bab35

commit c127ce311c640ca3231d6eb013f47ffd298bab35
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-12-05 17:25:27 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-12-05 17:25:27 +0000

    net-nds/phpldapadmin: Drop vulnerable releases.
    
    Bug: https://bugs.gentoo.org/636078
    Package-Manager: Portage-2.3.79, Repoman-2.3.18
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 net-nds/phpldapadmin/Manifest                     |  1 -
 net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild | 48 -----------------------
 net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild    | 44 ---------------------
 3 files changed, 93 deletions(-)