Hi Markus, On Di 21 Jun 2016 01:15:17 CEST, Markus Koschany wrote:
Hello Michael,
you are still listed in dla-needed.txt as the owner of Gosa. Apparently
you already prepared a debdiff and sent it to the security team but it
was never released. Would it be possible to share it with us? Or can you
confirm that the following patches from Jessie will resolve this issue?
https://tracker.debian.org/media/packages/g/gosa/changelog-2.7.4%2Breloaded2-1%2Bdeb8u2
CVE-2015-8771:
0006_code-injection-in-samba-hash-generation.patch,
0007_update-sambaHashHook-description.patch. Fix potential
code injection issue in Samba hash generation. (CVE-2015-8771)
CVE-2014-9760:
https://sources.debian.net/src/gosa/2.7.4%2Breloaded2-12/debian/patches/0003_xss-vulnerability-on-login-screen.patch/
Regards
Markus
I'll get back to you tomorrow on this. Basically, I can do the upload my self. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunweaver@debian.org, http://sunweavers.net
Attachment:
pgp_Ej0W6eN54.pgp
Description: Digitale PGP-Signatur