phpldapadmin - Debian Package Tracker

general

source: phpldapadmin (main)
version: 1.2.6.7-3
maintainer: William Desportes (DMD) (DM)
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 1.2.6.3-0.3+deb12u1
stable-bpo: 1.2.6.7-3~bpo12+1
testing: 1.2.6.7-3
unstable: 1.2.6.7-3

versioned links

1.2.6.3-0.3+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6.7-3~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.6.7-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

phpldapadmin

action needed

A new upstream version is available: 2.0.3 high

A new upstream version 2.0.3 is available, you should consider packaging it.

Created: 2025-03-05 Last update: 2025-04-04 13:31

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2024-9101: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

Created: 2024-12-19 Last update: 2025-04-01 06:04

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2024-9101: A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

Created: 2024-12-19 Last update: 2025-04-01 06:04

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1.2.6.7-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 7e3a158a2867eb962c849d1112e0a9103641394b
Author: William Desportes <williamdes@wdes.fr>
Date:   Thu Apr 3 19:08:26 2025 +0200

    d/ch

commit 11e1b33119c8d6062b70e8f170e6bc53fb91934e
Author: William Desportes <williamdes@wdes.fr>
Date:   Thu Apr 3 19:07:07 2025 +0200

    Add a patch for CVE-2024-9101

Created: 2025-04-03 Last update: 2025-04-03 18:32

lintian reports 18 warnings normal

Lintian reports 18 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-01-01 Last update: 2025-01-01 09:01

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2024-9101: (postponed; to be fixed through a stable update) A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2024-9102: (postponed; to be fixed through a stable update) phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-12-19 Last update: 2025-04-01 06:04

debian/patches: 3 patches to forward upstream low

Among the 6 debian patches available in version 1.2.6.7-3 of the package, we noticed the following issues:

3 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2025-01-01 Last update: 2025-03-27 12:03

news

[rss feed]

[2025-04-01] Accepted phpldapadmin 1.2.6.7-3~bpo12+1 (source) into stable-backports (William Desportes)
[2025-04-01] phpldapadmin 1.2.6.7-3 MIGRATED to testing (Debian testing watch)
[2025-03-26] Accepted phpldapadmin 1.2.6.7-3 (source) into unstable (William Desportes)
[2025-03-25] Accepted phpldapadmin 1.2.6.7-2~bpo12+1 (source all) into stable-backports (Debian FTP Masters) (signed by: James Valleroy)
[2025-01-03] phpldapadmin 1.2.6.7-2 MIGRATED to testing (Debian testing watch)
[2024-12-31] Accepted phpldapadmin 1.2.6.7-2 (source) into unstable (William Desportes)
[2024-02-25] Accepted phpldapadmin 1.2.6.3-0.3+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: William Desportes)
[2024-01-27] phpldapadmin 1.2.6.7-1 MIGRATED to testing (Debian testing watch)
[2024-01-21] Accepted phpldapadmin 1.2.6.7-1 (source) into unstable (William Desportes)
[2023-10-20] phpldapadmin 1.2.6.6-2 MIGRATED to testing (Debian testing watch)
[2023-10-14] Accepted phpldapadmin 1.2.6.6-2 (source) into unstable (William Desportes)
[2023-09-13] Accepted phpldapadmin 1.2.6.6-1 (source) into unstable (William Desportes)
[2023-03-30] phpldapadmin 1.2.6.3-0.3 MIGRATED to testing (Debian testing watch)
[2023-03-20] Accepted phpldapadmin 1.2.6.3-0.3 (source) into unstable (William Desportes) (signed by: Gianfranco Costamagna)
[2022-02-02] phpldapadmin 1.2.6.3-0.2 MIGRATED to testing (Debian testing watch)
[2022-01-27] Accepted phpldapadmin 1.2.6.3-0.2 (source) into unstable (Gianfranco Costamagna)
[2022-01-27] Accepted phpldapadmin 1.2.6.3-0.1 (source) into unstable (Gianfranco Costamagna)
[2021-12-14] phpldapadmin REMOVED from testing (Debian testing watch)
[2021-11-28] phpldapadmin 1.2.2-6.3 MIGRATED to testing (Debian testing watch)
[2021-04-14] phpldapadmin REMOVED from testing (Debian testing watch)
[2020-02-14] phpldapadmin 1.2.2-6.3 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted phpldapadmin 1.2.2-6.3 (source) into unstable (Gianfranco Costamagna)
[2020-01-25] phpldapadmin 1.2.2-6.2 MIGRATED to testing (Debian testing watch)
[2020-01-19] Accepted phpldapadmin 1.2.2-6.2 (source) into unstable (Simone Rossetto) (signed by: Adam Borowski)
[2018-11-17] phpldapadmin REMOVED from testing (Debian testing watch)
[2018-10-31] Accepted phpldapadmin 1.2.2-5.2+deb8u1 (source all) into oldstable (Antoine Beaupré)
[2018-10-29] Accepted phpldapadmin 1.2.2-6.1~bpo9+1 (source all) into stretch-backports, stretch-backports (Dominik George)
[2018-10-09] phpldapadmin 1.2.2-6.1 MIGRATED to testing (Debian testing watch)
[2018-07-23] phpldapadmin REMOVED from testing (Debian testing watch)
[2017-10-18] phpldapadmin 1.2.2-6.1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 18)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (90, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.2.6.7-2
6 bugs