| Summary: | <net-nds/phpldapadmin-1.2.5: Cross-site scripting vulnerability (CVE-2017-11107) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | trivial | CC: | jmbsvicetto, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | ~4 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
GLSAMaker/CVETool Bot
2017-10-31 17:04:21 UTC
@Maintainers please let us know when tree is clean from vulnerable versions. Thank you

Version 1.2.4 has been released on GitHub (which is listed on the sourceforge project). The new version fixes this CVE.
https://github.com/leenooks/phpLDAPadmin

I've just added 1.2.5 to my overlay[1]. I'll try to get some feedback / testing before adding it to the tree and cleaning the old versions.

[1] - https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=b4b8775f679d50bf9efb33f6b8c60f3e4674b9a1

(In reply to Jorge Manuel B. S. Vicetto from comment #3)
> I've just added 1.2.5 to my overlay[1]. I'll try to get some feedback /
> testing before adding it to the tree and cleaning the old versions.

phpldapadmin 1.2.5 from your overlay installs and works fine for me. In addition to the security fixes, it also fixes compatibility issues for newer php releases. Many thanks for this ebuild!

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1f05440273176500cd8e206e05c6cf1bf15ba1b

commit d1f05440273176500cd8e206e05c6cf1bf15ba1b
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-12-05 16:54:36 +0000
Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-12-05 16:54:50 +0000

  net-nds/phpldapadmin: Bump to 1.2.5 release.

  Security release. This release fixes (CVE-2017-11107).

  Bug: https://bugs.gentoo.org/636078
  Closes: https://bugs.gentoo.org/561900
  CLoses: https://bugs.gentoo.org/688056
  Package-Manager: Portage-2.3.79, Repoman-2.3.18
  Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

  net-nds/phpldapadmin/Manifest | 1 +
  net-nds/phpldapadmin/phpldapadmin-1.2.5.ebuild | 51 ++++++++++++++++++++++++++
  2 files changed, 52 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c127ce311c640ca3231d6eb013f47ffd298bab35

commit c127ce311c640ca3231d6eb013f47ffd298bab35
Author: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2019-12-05 17:25:27 +0000
Commit: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2019-12-05 17:25:27 +0000

  net-nds/phpldapadmin: Drop vulnerable releases.

  Bug: https://bugs.gentoo.org/636078
  Package-Manager: Portage-2.3.79, Repoman-2.3.18
  Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

  net-nds/phpldapadmin/Manifest | 1 -
  net-nds/phpldapadmin/phpldapadmin-1.2.3-r1.ebuild | 48 -----------------------
  net-nds/phpldapadmin/phpldapadmin-1.2.3.ebuild | 44 ---------------------
  3 files changed, 93 deletions(-)