Security update of Gosa

To: Debian LTS <debian-lts@lists.debian.org>, sunweaver@debian.org
Subject: Security update of Gosa
From: Markus Koschany <apo@debian.org>
Date: Tue, 21 Jun 2016 01:15:17 +0200
Message-id: <[🔎] baeb393d-cb71-0a11-0cb4-197d3e16bd56@debian.org>

Hello Michael,

you are still listed in dla-needed.txt as the owner of Gosa. Apparently
you already prepared a debdiff and sent it to the security team but it
was never released. Would it be possible to share it with us? Or can you
confirm that the following patches from Jessie will resolve this issue?

https://tracker.debian.org/media/packages/g/gosa/changelog-2.7.4%2Breloaded2-1%2Bdeb8u2

CVE-2015-8771:

0006_code-injection-in-samba-hash-generation.patch,
0007_update-sambaHashHook-description.patch. Fix potential
      code injection issue in Samba hash generation. (CVE-2015-8771)



CVE-2014-9760:

https://sources.debian.net/src/gosa/2.7.4%2Breloaded2-12/debian/patches/0003_xss-vulnerability-on-login-screen.patch/

Regards

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: Security update of Gosa
  - From: Mike Gabriel <sunweaver@debian.org>

Prev by Date: openssl / CVE-2016-2177.patch
Next by Date: Re: openssl / CVE-2016-2177.patch
Previous by thread: Re: openssl / CVE-2016-2177.patch
Next by thread: Re: Security update of Gosa
Index(es):
- Date
- Thread