Date: Mon, 05 Mar 2012 20:56:59 +0100 From: Roland Gruber <post@...andgruber.de> To: oss-security@...ts.openwall.com CC: Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, Fabio Tranchitella <kobold@...ian.org>, Dmitry Butskoy <Dmitry@...skoy.name> Subject: Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple XSS flaws Hi all, On 05.03.2012 11:36, Jan Lieskovsky wrote: > Wrt to PhpLDAPAdmin side -- I am not sure, what's the relation of the > code between LAM and > PLA (if PLA is using / embedding some code of LAM directly or if there > were also some > customizations on the side of PLA upon LAM code embedding / inclusion). > Hopefully Roland, > Fabio, Dmitry can clarify here, how much the PhpLDAPAdmin code is > different from LDAP > Account Manager code (if it's just overtaken LAM code or PhpLDAPAdmin > have also made > their own customizations to the code)? LDAP Account Manager includes a reduced copy of the phpLDAPadmin code. I already checked if phpLDAPadmin contains a fix and it seems to be vulnerable, too. Therefore, I cloned the Debian bug. The Debian bug report contains a patch for Debian Stable. Debian packages for Unstable are here: http://www.ldap-account-manager.org/static/debian-packages/ -- Best regards Roland
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ