Fedora has issued an advisory on December 21:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/

The issue is fixed upstream in 1.2.6.2.
Another parentless SRPM, so assigning this globally.
Assignee: bugsquad => pkg-bugs
new version 1.2.6.2 uploaded into updates_testing:

src:
phpldapadmin-1.2.6.2-1.mga7
Assignee: pkg-bugs => qa-bugs
CC: (none) => mageia
Advisory:
========================

Updated phpldapadmin package fixes security vulnerability:

An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php (CVE-2020-35132).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35132
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6XA42XDSUPCOXL5ZCP5RGD3FD4JQQWNX/
========================

Updated packages in core/updates_testing:
========================
phpldapadmin-1.2.6.2-1.mga7

from phpldapadmin-1.2.6.2-1.mga7.src.rpm
I'd like to test this, but I can't get php integration with apache web-server right now. apache-mod-php 7.3.6 is broken from what I can tell. I install that and the httpd server fails.
CC: (none) => brtians1