Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 Jan 2016 10:26:31 +0000
From: Mike Gabriel <>
Subject: Security issues in GOsa


GOsa is a framework written in PHP for LDAP-based management of  
intranet infrastructures.

As part of upstream (I joined the team recently) I would like to make  
you aware of (at least) two security issues +/- recently discovered:

(1) Possibility of code injection when setting passwords for Samba.  
Solved upstream:

(2) XSS vulnerability during session log on. Solved upstream:

Please assign individual CVE Ids for both issues, if appropriate.


mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31


Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.