Bug 27905 - phpldapadmin new security issue CVE-2020-35132
Summary: phpldapadmin new security issue CVE-2020-35132
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Depends on:
Reported: 2020-12-22 17:40 CET by David Walser
Modified: 2021-01-18 16:16 CET

See Also:
Source RPM: phpldapadmin-1.2.3-9.p2.mga7.src.rpm
Status comment:


Description David Walser 2020-12-22 17:40:12 CET
Fedora has issued an advisory on December 21:

The issue is fixed upstream in

Comment 1 Lewis Smith 2020-12-22 20:48:53 CET
Another parentless SRPM, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Lécureuil 2020-12-24 00:32:08 CET
New version uploaded into updates_testing:

src: phpldapadmin-

Assignee: pkg-bugs => qa-bugs
CC: (none) => mageia

Comment 3 David Walser 2020-12-24 00:37:26 CET

Updated phpldapadmin package fixes security vulnerability:

An XSS issue has been discovered in phpLDAPadmin before that allows
users to store malicious values that may be executed by other users at a later
time via get_request in lib/function.php (CVE-2020-35132).


Updated packages in core/updates_testing:

from phpldapadmin-

Comment 4 Brian Rockwell 2021-01-18 16:16:40 CET
I'd like to test this, but I can't get php integration with apache web-server right now.  

apache-mod-php 7.3.6 is broken from what I can tell.  I install that and the httpd server fails.

CC: (none) => brtians1
