Security update to version 0.9.7-alpha6 which closes the vulnerabilities mentioned in: http://secunia.com/advisories/16617/ http://secunia.com/advisories/16611/ (16617 in particular allows remote access to arbitrary files on the web server or uploading files from an arbitrary location and executing them in the context of the PHP interpreter in the httpd. Nasty.) The following patches can be applied as a workaround if you don't want to upgrade from 0.9.6c just yet: http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/login.php?r1=1.45&r2=1.46 http://cvs.sourceforge.net/viewcvs.py/phpldapadmin/phpldapadmin/welcome.php?r1=1.20&r2=1.21
Responsible Changed From-To: freebsd-ports-bugs->simon Grab security update.
State Changed From-To: open->closed Committed, thanks! Also thanks for the secteam heads-up - I will try to get the issue documented as soon as possible.