Fix PHP Code Injection Vulnerability (upstream patch).
Versions 1.2.0-1.2.1.1 are affected.

Advisory: http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt
Patch: http://phpldapadmin.git.sourceforge.net/git/gitweb.cgi?p=phpldapadmin/phpldapadmin;a=blobdiff;f=lib/functions.php;h=eb160dc9f7d74e563131e21d4c85d7849a0c6638;hp=19fde9974d4e5eb3bfac04bb223ccbefdb98f9a0;hb=76e6dad;hpb=5d4245f93ae6f065e7535f268e3cd87a23b07744

Should be committed asap.

Fix: Patch attached with submission follows:

Responsible Changed From-To: freebsd-ports-bugs->glarkin
glarkin@ wants his PRs (via the GNATS Auto Assign Tool)

Maintainer of net/phpldapadmin,

Please note that PR ports/161954 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/161954

--
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org

State Changed From-To: open->feedback
Awaiting maintainers feedback (via the GNATS Auto Assign Tool)

On 24/10/2011 07:20, Edwin Groothuis wrote:
> Maintainer of net/phpldapadmin,
>
> Please note that PR ports/161954 has just been submitted.
>
> If it contains a patch for an upgrade, an enhancement or a bug fix
> you agree on, reply to this email stating that you approve the patch
> and a committer will take care of it.
>
> The full text of the PR can be found at:
> http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/161954
>

Maintainer approves. Please commit.

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

Can one of you also write up a VuXML entry for me to commit?

Thank you,
Greg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6lXuQACgkQ0sRouByUApD0vQCgyjMfYAbmQNryFFWSg1BiSYLZ
ABUAnRUUI14/lg5x3ipcChWqsEs+ESLq
=HJYl
-----END PGP SIGNATURE-----

Greg Larkin wrote on 24.10.2011 16:49:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> Can one of you also write up a VuXML entry for me to commit?
>
> Thank you,
> Greg

Hi, Greg. I'll do.

--
Regards,
Ruslan

Tinderboxing kills... the drives.

glarkin     2011-10-24 13:10:36 UTC

  FreeBSD ports repository

  Modified files:
    net/phpldapadmin        Makefile
  Added files:
    net/phpldapadmin/files  patch-lib__functions.php
  Log:
  - Fixed PHP code injection vulnerability by incorporating upstream patch
  - Bumped PORTREVISION

  NOTE: VuXML ID to follow shortly

  PR:           ports/161954
  Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru>
  Approved by:  Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
  Security:     http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt
  Security:     http://sourceforge.net/tracker/?func=detail&aid=3417184&group_id=61828&atid=498546

  Revision  Changes    Path
  1.42      +1 -0      ports/net/phpldapadmin/Makefile
  1.1       +14 -0     ports/net/phpldapadmin/files/patch-lib__functions.php (new)
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"

Greg Larkin wrote on 24.10.2011 16:49:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> Can one of you also write up a VuXML entry for me to commit?
>
> Thank you,
> Greg

Here it is.

--
Regards,
Ruslan

Tinderboxing kills... the drives.

Greg Larkin wrote on 24.10.2011 16:49:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> Can one of you also write up a VuXML entry for me to commit?
>
> Thank you,
> Greg

Sorry, it should be
<range><ge>1.2.0</ge><lt>1.2.1.1_1,1</lt></range>

Because >=1.2.0 are affected.

--
Regards,
Ruslan

Tinderboxing kills... the drives.

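Added example, not part of the PR thread or the ports tree: a small Python check of how the corrected range above classifies installed package versions. It assumes the ports ordering in which the epoch after the comma is compared first, then the dotted version, then the revision after the underscore, and it handles numeric components only; the function names are hypothetical and the installed versions are constructed.

```python
import re

# Corrected VuXML range quoted from the message above.
AFFECTED_GE = "1.2.0"
AFFECTED_LT = "1.2.1.1_1,1"

_VERSION_RE = re.compile(
    r"(?P<ver>[0-9]+(?:\.[0-9]+)*)(?:_(?P<rev>[0-9]+))?(?:,(?P<epoch>[0-9]+))?"
)


def parse_pkg_version(text):
    """Return a sortable key (epoch, version components, revision).

    Assumption: numeric dotted versions only; a missing _revision or
    ,epoch counts as 0, and trailing ".0" components are ignored.
    """
    m = _VERSION_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"unsupported version string: {text!r}")
    comps = [int(c) for c in m.group("ver").split(".")]
    while len(comps) > 1 and comps[-1] == 0:
        comps.pop()
    return (int(m.group("epoch") or 0), tuple(comps), int(m.group("rev") or 0))


def is_affected(installed, ge=AFFECTED_GE, lt=AFFECTED_LT):
    """True when ge <= installed < lt under the ordering assumed above."""
    key = parse_pkg_version(installed)
    return parse_pkg_version(ge) <= key < parse_pkg_version(lt)


def classify(versions):
    """Map each installed version string to its affected verdict."""
    return {v: is_affected(v) for v in versions}


if __name__ == "__main__":
    # Constructed installed versions, not taken from any real host.
    sample = ["1.2.0.5,1", "1.2.1.1,1", "1.2.1.1_1,1", "1.2.2,1"]
    for version, hit in classify(sample).items():
        print(f"phpldapadmin-{version}: {'VULNERABLE' if hit else 'ok'}")
```

The upper bound names the bumped revision itself, so `1.2.1.1,1` is still flagged while `1.2.1.1_1,1` is not.
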
glarkin     2011-10-24 15:20:27 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml
  Log:
  - Document phpldapadmin - remote PHP code injection vulnerability

  PR:           ports/161954
  Submitted by: Ruslan Mahmatkhanov <cvs-src@yandex.ru>

  Revision  Changes    Path
  1.2471    +33 -1     ports/security/vuxml/vuln.xml

glarkin     2011-10-24 15:22:09 UTC

  FreeBSD ports repository

  Modified files:
    net/phpldapadmin     Makefile
  Log:
  - Forced commit to note new VuXML ID for PHP file injection vulnerability

  PR:           ports/161954
  Security:     edf47177-fe3f-11e0-a207-0014a5e3cda6

  Revision  Changes    Path
  1.43      +0 -0      ports/net/phpldapadmin/Makefile

State Changed From-To: feedback->closed
Committed, thank you!