Date: Mon, 05 Mar 2012 20:56:59 +0100
From: Roland Gruber <>
CC: Jan Lieskovsky <>, 
 "Steven M. Christey" <>,
 Fabio Tranchitella <>, 
 Dmitry Butskoy <>
Subject: Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple
 XSS flaws

Hi all,

On 05.03.2012 11:36, Jan Lieskovsky wrote:
> Wrt to PhpLDAPAdmin side -- I am not sure, what's the relation of the code
> between LAM and PLA (if PLA is using / embedding some code of LAM directly
> or if there were also some customizations on the side of PLA upon LAM code
> embedding / inclusion). Hopefully Roland, Fabio, Dmitry can clarify here,
> how much the PhpLDAPAdmin code is different from LDAP Account Manager code
> (if it's just overtaken LAM code or PhpLDAPAdmin have also made their own
> customizations to the code)?

LDAP Account Manager includes a reduced copy of the phpLDAPadmin code. I already checked if phpLDAPadmin contains a fix and it seems to be vulnerable, too. Therefore, I cloned the Debian bug.

The Debian bug report contains a patch for Debian Stable. Debian packages for Unstable are here:


Best regards

