Debian-LTS has issued an advisory on July 8: https://www.debian.org/lts/security/2023/dla-3487 The issues are fixed upstream in 1.3.1. Mageia 8 is also affected.
Status comment: (none) => Fixed upstream in 1.3.1
Whiteboard: (none) => MGA8TOO
Query: Source RPM: fusiondirectory-1.3-2.mga9.src.rpm
Sophie shows fusiondirectory-1.3-2.mga9.src.rpm, but the issues are fixed upstream in 1.3.1 ???
Luigi, when you have clarified this, please assign the bug to pkg-bugs, since this pkg has been quiet for ages, and long past maintainers are iffy today.
I'm not sure what needs clarified. We have version 1.3, and the issues are fixed in 1.3.1.
Assignee: bugsquad => pkg-bugs
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Fusiondirectory 1.3 suffers from Improper Session Handling. (CVE-2022-36179)

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. (CVE-2022-36180)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36180
https://www.debian.org/lts/security/2023/dla-3487
========================

Updated packages in {8|9}/core/updates_testing:
========================
fusiondirectory-1.3.1-1.mga{8|9}
fusiondirectory-database-1.3.1-1.mga{8|9}
fusiondirectory-plugin-alias-1.3.1-1.mga{8|9}
fusiondirectory-plugin-applications-1.3.1-1.mga{8|9}
fusiondirectory-plugin-argonaut-1.3.1-1.mga{8|9}
fusiondirectory-plugin-audit-1.3.1-1.mga{8|9}
fusiondirectory-plugin-autofs-1.3.1-1.mga{8|9}
fusiondirectory-plugin-certificates-1.3.1-1.mga{8|9}
fusiondirectory-plugin-community-1.3.1-1.mga{8|9}
fusiondirectory-plugin-cyrus-1.3.1-1.mga{8|9}
fusiondirectory-plugin-debconf-1.3.1-1.mga{8|9}
fusiondirectory-plugin-developers-1.3.1-1.mga{8|9}
fusiondirectory-plugin-dhcp-1.3.1-1.mga{8|9}
fusiondirectory-plugin-dns-1.3.1-1.mga{8|9}
fusiondirectory-plugin-dovecot-1.3.1-1.mga{8|9}
fusiondirectory-plugin-dsa-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ejbca-1.3.1-1.mga{8|9}
fusiondirectory-plugin-fai-1.3.1-1.mga{8|9}
fusiondirectory-plugin-freeradius-1.3.1-1.mga{8|9}
fusiondirectory-plugin-fusioninventory-1.3.1-1.mga{8|9}
fusiondirectory-plugin-gpg-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ipmi-1.3.1-1.mga{8|9}
fusiondirectory-plugin-kolab2-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ldapdump-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ldapmanager-1.3.1-1.mga{8|9}
fusiondirectory-plugin-mail-1.3.1-1.mga{8|9}
fusiondirectory-plugin-mixedgroups-1.3.1-1.mga{8|9}
fusiondirectory-plugin-nagios-1.3.1-1.mga{8|9}
fusiondirectory-plugin-netgroups-1.3.1-1.mga{8|9}
fusiondirectory-plugin-newsletter-1.3.1-1.mga{8|9}
fusiondirectory-plugin-opsi-1.3.1-1.mga{8|9}
fusiondirectory-plugin-personal-1.3.1-1.mga{8|9}
fusiondirectory-plugin-posix-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ppolicy-1.3.1-1.mga{8|9}
fusiondirectory-plugin-puppet-1.3.1-1.mga{8|9}
fusiondirectory-plugin-pureftpd-1.3.1-1.mga{8|9}
fusiondirectory-plugin-quota-1.3.1-1.mga{8|9}
fusiondirectory-plugin-renater-partage-1.3.1-1.mga{8|9}
fusiondirectory-plugin-repository-1.3.1-1.mga{8|9}
fusiondirectory-plugin-samba-1.3.1-1.mga{8|9}
fusiondirectory-plugin-sinaps-1.3.1-1.mga{8|9}
fusiondirectory-plugin-sogo-1.3.1-1.mga{8|9}
fusiondirectory-plugin-spamassassin-1.3.1-1.mga{8|9}
fusiondirectory-plugin-squid-1.3.1-1.mga{8|9}
fusiondirectory-plugin-ssh-1.3.1-1.mga{8|9}
fusiondirectory-plugin-subcontracting-1.3.1-1.mga{8|9}
fusiondirectory-plugin-sudo-1.3.1-1.mga{8|9}
fusiondirectory-plugin-supann-1.3.1-1.mga{8|9}
fusiondirectory-plugin-sympa-1.3.1-1.mga{8|9}
fusiondirectory-plugin-systems-1.3.1-1.mga{8|9}
fusiondirectory-plugin-user-reminder-1.3.1-1.mga{8|9}
fusiondirectory-plugin-weblink-1.3.1-1.mga{8|9}
fusiondirectory-plugin-webservice-1.3.1-1.mga{8|9}
fusiondirectory-schema-1.3.1-1.mga{8|9}

from SRPMS:
fusiondirectory-1.3.1-1.mga{8|9}.src.rpm
Version: Cauldron => 9
Status comment: Fixed upstream in 1.3.1 => (none)
Assignee: pkg-bugs => qa-bugs
Status: NEW => ASSIGNED
CC: (none) => nicolas.salguero
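An added example, not part of the bug report or of FusionDirectory's code: a log check for the request patterns the advisory names under CVE-2022-36180, flagging requests to /fusiondirectory/index.php whose message or plug parameter decodes to markup. The combined log format, the sample lines and the rule that a legitimate plug value is numeric (as in plug=106) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory text for CVE-2022-36180.
WATCHED = ("message", "plug")
# Characters that can open markup or break out of an HTML attribute.
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return the watched parameters whose decoded value looks like markup."""
    parts = urlsplit(url)
    if not parts.path.endswith("/fusiondirectory/index.php"):
        return []
    hits = []
    for name, values in parse_qs(parts.query).items():
        if name not in WATCHED:
            continue
        for value in values:
            # Assumption: legitimate plug values are numeric, as in plug=106.
            if MARKUP.search(value) or (name == "plug" and not value.isdigit()):
                hits.append(name)
                break
    return hits


def scan(lines):
    """Yield (line_number, flagged_parameters) for matching log lines."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Jul/2023:10:00:00 +0000] "GET /fusiondirectory/index.php?signout=1&message=session&plug=106 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [08/Jul/2023:10:00:05 +0000] "GET /fusiondirectory/index.php?message=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 5120',
    '192.0.2.12 - - [08/Jul/2023:10:00:09 +0000] "GET /fusiondirectory/index.php?message=invalidparameter&plug=%3Ci%3E HTTP/1.1" 200 5120',
    '192.0.2.13 - - [08/Jul/2023:10:00:12 +0000] "GET /other/index.php?message=%3Cb%3E HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

Hits on a host still running 1.3 are worth reviewing against session activity from the same client; on 1.3.1 they indicate probing only.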
MGA8-64 Xfce on Acer Aspire 5253
No installation issues.
No wiki, no previous update, so googling brought me to https://fusiondirectory-user-manual.readthedocs.io/en/1.3/fusiondirectory/index.html but trying to follow this (apart from the installation instructions) I run into problems.
According to this manual, I would need to run
# fusiondirectory-insert-schema -i /etc/openldap/schema/cosine.schema
but
Can't exec "ldap-schema-manager": No such file or directory at /usr/sbin/fusiondirectory-insert-schema line 37.
This is overcome by installing the schema2ldif package. Missed dependency???
and then.
# fusiondirectory-insert-schema -i /etc/openldap/schema/cosine.schema
! /etc/ldap/schema/fusiondirectory/ doesn't seems to exists
Note the difference between /etc/openldap/ and /etc/ldap/, this seems an inconsistency here.
CC: (none) => herman.viaene