Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1
On Sat, 10 Aug 2019 04:09:33 +0200 Mike Gabriel <sunweaver@debian.org> wrote:
> + * debian/patches:
> + + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
> + Perform stricter check on LDAP success/failure (CVE-2019-11187).
>
> Considered severe issue by FusionDirectory upstream, assessment by the
> security team says: no-dsa issue. In theory, the flaw that got fixed could
> let someone into the FusionDirectory WebUI with a wrong password.
Sorry, the FusionDirectory upstream considers this issue severe, not only
in FD, but also in GOsa.
For this upload approval request, the flaw, of course, can possibly
allow someone to get into the GOsa WebUI with a wrong password.
Sorry for the confusion in the last line of the previous mail/paragraph.
Mike