[ubuntu/xenial-security] gosa 2.7.4+reloaded2-9ubuntu1.1 (Accepted)

Avital Ostromich avital.ostromich at canonical.com
Wed Oct 28 18:46:15 UTC 2020


gosa (2.7.4+reloaded2-9ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Server-Side Reflected XSS vulnerability
    - debian/patches/0013_escape-html-entities-for-uid-to-avoid-code-execution-
      CVE-2018-1000528.patch: Sanitize the uid POST parameter in
      html/password.php.
    - CVE-2018-1000528
  * SECURITY UPDATE: Incorrect Access Control
    - debian/patches/1046_CVE-2019-11187_stricter-ldap-error-check.patch: Use a
      stricter error check in ldap::success()
      of include/class_ldap.inc.
    - CVE-2019-11187
  * SECURITY UPDATE: PHP object injection vulnerability
    - debian/patches/1047_CVE-2019-14466-{1,2}_replace_unserialize_with_json_
      encode+json_decode.patch: Replace serialize/unserialize with
      json_encode/json_decode and preform type-checking on return value.
    - CVE-2019-14466

Date: 2020-10-19 23:04:13.536968+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
https://launchpad.net/ubuntu/+source/gosa/2.7.4+reloaded2-9ubuntu1.1
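The two fixes described in the changelog, the unserialize() replacement (CVE-2019-14466) and the uid escaping (CVE-2018-1000528), both come down to not trusting request-controlled strings. The following PHP is an added illustration written for this page; it is not GOsa code and does not reproduce the Debian patches. The class TempFileCleaner, the function names, the state shape and the inputs are constructed for the example. It shows why unserialize() on attacker-controlled data instantiates arbitrary classes (and so fires their magic methods), how a json_decode() round trip with an explicit shape check avoids that, and how the reflected value is escaped before being written into HTML. It needs PHP 7.3 or newer for JSON_THROW_ON_ERROR.

```php
<?php
// Added example, not GOsa code. The gadget class, state layout and inputs
// below are constructed for illustration only.
declare(strict_types=1);

// Hypothetical gadget: any class whose magic method does side-effecting work.
// unserialize() will instantiate it for free if the class name appears in the blob.
final class TempFileCleaner
{
    public string $path = '';

    public function __destruct()
    {
        // A real gadget chain would do the deletion; here we only report it.
        echo "TempFileCleaner would unlink {$this->path}\n";
    }
}

// Pattern before the fix: state stored as a PHP-serialized string and restored
// with unserialize(). Anything in $blob that names a class becomes an object.
function loadStateVulnerable(string $blob): array
{
    $state = unserialize($blob);
    return is_array($state) ? $state : [];
}

// Pattern after the fix: JSON can only yield scalars and arrays, never objects,
// and the decoded value is type-checked before the caller gets it.
function loadStateHardened(string $blob): array
{
    // assoc=true returns arrays, not stdClass; depth bound limits nesting.
    $state = json_decode($blob, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($state)) {
        throw new UnexpectedValueException('state must be a JSON object');
    }
    foreach ($state as $key => $value) {
        // Constructed contract: string keys mapping to scalar values only.
        if (!is_string($key) || !is_scalar($value)) {
            throw new UnexpectedValueException("unexpected entry for key '$key'");
        }
    }
    return $state;
}

function saveState(array $state): string
{
    return json_encode($state, JSON_THROW_ON_ERROR);
}

// Reflected-XSS fix: escape the uid before it is echoed back into an HTML attribute
// or text node. ENT_QUOTES covers both quote styles so attribute contexts are safe too.
function renderUid(string $uid): string
{
    return htmlspecialchars($uid, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed attacker input: a serialized TempFileCleaner aimed at a sensitive file.
$evil = 'O:15:"TempFileCleaner":1:{s:4:"path";s:11:"/etc/passwd";}';

echo "vulnerable loader: ";
loadStateVulnerable($evil);          // object is created and destructed inside the call

echo "hardened loader: ";
try {
    loadStateHardened($evil);        // not valid JSON, so it is rejected outright
} catch (JsonException $e) {
    echo "rejected ({$e->getMessage()})\n";
}

// Legitimate round trip through the hardened pair.
$state = loadStateHardened(saveState(['uid' => 'alice', 'lang' => 'en']));
echo 'restored uid: ', $state['uid'], "\n";

// The same uid value, reflected safely.
echo renderUid('<script>alert(document.cookie)</script>'), "\n";
```

The shape check in loadStateHardened() is the part the changelog calls "type-checking on return value": json_decode() alone still accepts any well-formed JSON, so a caller that expects an associative array of scalars must say so, or an attacker can substitute a nested structure that later code treats as trusted.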