Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1

To: 934345@bugs.debian.org
Subject: Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Sat, 10 Aug 2019 04:34:04 +0200
Message-id: <[🔎] 1b0cd8ed-b44d-a26c-5bfc-fb175a55fa09@das-netzwerkteam.de>
Reply-to: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 934345@bugs.debian.org
In-reply-to: <[🔎] 156540297310.26265.10862392396823097637.reportbug@minobo.das-netzwerkteam.de>
References: <[🔎] 156540297310.26265.10862392396823097637.reportbug@minobo.das-netzwerkteam.de> <[🔎] 156540297310.26265.10862392396823097637.reportbug@minobo.das-netzwerkteam.de> <[🔎] 156540297310.26265.10862392396823097637.reportbug@minobo.das-netzwerkteam.de>

On Sat, 10 Aug 2019 04:09:33 +0200 Mike Gabriel <sunweaver@debian.org>wrote:


> + * debian/patches:
> + + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch.
> + Perform stricter check on LDAP success/failure (CVE-2019-11187).
>
> Considered severe issue by FusionDirectory upstream, assessment by the

> security team says: no-dsa issue. In theory, the flaw that got fixedcould

> let someone into the FusionDirectory WebUI with a wrong password.

Sorry, the FusionDirectory upstream consider this issue severe, not onlyin FD, but also in GOsa.

For this upload approval request, the flaw, of course, can possiblyallow someone to get into the GOsa WebUI with a wrong password.


Sorry for the confusion in the last line of the previous mail/paragraph.

Mike

Reply to:

References:
- Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1
  - From: Mike Gabriel <sunweaver@debian.org>

Prev by Date: Bug#927433: stretch-pu: package gosa/2.7.4+reloaded2-13+deb9u2
Next by Date: Bug#934206: buster-pu: package golang-github-docker-docker-credential-helpers/0.6.1-2+deb10u1
Previous by thread: Bug#934345: buster-pu: package gosa/2.7.4+reloaded3-8+deb10u1
Next by thread: Processed: gosa 2.7.4+reloaded3-8+deb10u1 flagged for acceptance
Index(es):
- Date
- Thread