Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 05 Mar 2012 20:56:59 +0100
From: Roland Gruber <post@...andgruber.de>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>, 
 "Steven M. Christey" <coley@...us.mitre.org>,
 Fabio Tranchitella <kobold@...ian.org>, 
 Dmitry Butskoy <Dmitry@...skoy.name>
Subject: Re: CVE Request -- LDAP Account Manager Pro / PhpLDAPadmin -- Multiple
 XSS flaws

Hi all,

On 05.03.2012 11:36, Jan Lieskovsky wrote:
> Wrt to PhpLDAPAdmin side -- I am not sure, what's the relation of the
> code between LAM and
> PLA (if PLA is using / embedding some code of LAM directly or if there
> were also some
> customizations on the side of PLA upon LAM code embedding / inclusion).
> Hopefully Roland,
> Fabio, Dmitry can clarify here, how much the PhpLDAPAdmin code is
> different from LDAP
> Account Manager code (if it's just overtaken LAM code or PhpLDAPAdmin
> have also made
> their own customizations to the code)?

LDAP Account Manager includes a reduced copy of the phpLDAPadmin code. I already checked if phpLDAPadmin contains a fix and it seems to be vulnerable,
too. Therefore, I cloned the Debian bug.

The Debian bug report contains a patch for Debian Stable. Debian packages for Unstable are here:

http://www.ldap-account-manager.org/static/debian-packages/


-- 

Best regards

Roland

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ