Register | Log in

phpldapadmin

web based interface for administering LDAP servers

Choose email to subscribe with

general

source: phpldapadmin (main)
version: 1.2.6.7-2
maintainer: Fabio Tranchitella (DMD) (LowNMU)
uploaders: William Desportes [DMD] [DM] – Marcus Osdoba [DMD]
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.2.6.3-0.3+deb12u1
testing: 1.2.6.7-2
unstable: 1.2.6.7-2

versioned links

1.2.6.3-0.3+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

phpldapadmin (2 bugs: 0, 2, 0, 0)

action needed

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-9101: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

Created: 2024-12-19 Last update: 2025-01-21 19:33

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-9101: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

Created: 2024-12-19 Last update: 2025-01-21 19:33

lintian reports 18 warnings normal

Lintian reports 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-01 Last update: 2025-01-01 09:01

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-9101: (postponed; to be fixed through a stable update) A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: (postponed; to be fixed through a stable update) phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-12-19 Last update: 2025-01-21 19:33

debian/patches: 3 patches to forward upstream low

Among the 6 debian patches available in version 1.2.6.7-2 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-01-01 Last update: 2025-01-01 11:00

news

[2025-01-03] phpldapadmin 1.2.6.7-2 MIGRATED to testing (Debian testing watch)
[2024-12-31] Accepted phpldapadmin 1.2.6.7-2 (source) into unstable (William Desportes)
[2024-02-25] Accepted phpldapadmin 1.2.6.3-0.3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: William Desportes)
[2024-01-27] phpldapadmin 1.2.6.7-1 MIGRATED to testing (Debian testing watch)
[2024-01-21] Accepted phpldapadmin 1.2.6.7-1 (source) into unstable (William Desportes)
[2023-10-20] phpldapadmin 1.2.6.6-2 MIGRATED to testing (Debian testing watch)
[2023-10-14] Accepted phpldapadmin 1.2.6.6-2 (source) into unstable (William Desportes)
[2023-09-13] Accepted phpldapadmin 1.2.6.6-1 (source) into unstable (William Desportes)
[2023-03-30] phpldapadmin 1.2.6.3-0.3 MIGRATED to testing (Debian testing watch)
[2023-03-20] Accepted phpldapadmin 1.2.6.3-0.3 (source) into unstable (William Desportes) (signed by: Gianfranco Costamagna)
[2022-02-02] phpldapadmin 1.2.6.3-0.2 MIGRATED to testing (Debian testing watch)
[2022-01-27] Accepted phpldapadmin 1.2.6.3-0.2 (source) into unstable (Gianfranco Costamagna)
[2022-01-27] Accepted phpldapadmin 1.2.6.3-0.1 (source) into unstable (Gianfranco Costamagna)
[2021-12-14] phpldapadmin REMOVED from testing (Debian testing watch)
[2021-11-28] phpldapadmin 1.2.2-6.3 MIGRATED to testing (Debian testing watch)
[2021-04-14] phpldapadmin REMOVED from testing (Debian testing watch)
[2020-02-14] phpldapadmin 1.2.2-6.3 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted phpldapadmin 1.2.2-6.3 (source) into unstable (Gianfranco Costamagna)
[2020-01-25] phpldapadmin 1.2.2-6.2 MIGRATED to testing (Debian testing watch)
[2020-01-19] Accepted phpldapadmin 1.2.2-6.2 (source) into unstable (Simone Rossetto) (signed by: Adam Borowski)
[2018-11-17] phpldapadmin REMOVED from testing (Debian testing watch)
[2018-10-31] Accepted phpldapadmin 1.2.2-5.2+deb8u1 (source all) into oldstable (Antoine Beaupré)
[2018-10-29] Accepted phpldapadmin 1.2.2-6.1~bpo9+1 (source all) into stretch-backports, stretch-backports (Dominik George)
[2018-10-09] phpldapadmin 1.2.2-6.1 MIGRATED to testing (Debian testing watch)
[2018-07-23] phpldapadmin REMOVED from testing (Debian testing watch)
[2017-10-18] phpldapadmin 1.2.2-6.1 MIGRATED to testing (Debian testing watch)
[2017-10-12] Accepted phpldapadmin 1.2.2-6.1 (source) into unstable (Cyril Brulebois)
[2017-07-10] Accepted phpldapadmin 1.2.2-5+deb7u1 (source all) into oldoldstable (Chris Lamb)
[2016-08-06] Accepted phpldapadmin 1.2.2-6 (source all) into unstable (Fabio Tranchitella)
[2016-05-21] phpldapadmin REMOVED from testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 18)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (90, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.6.7-2
6 bugs

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing