Bug 749678
Summary: | CVE-2011-4082 phpldapadmin: local file inclusion flaw fixed in 0.9.8 [epel-4] | | |
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Vincent Danen <vdanen> |
Component: | phpldapadmin | Assignee: | Dmitry Butskoy <dmitry> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | medium |
Version: | el4 | CC: | dmitry |
Hardware: | All | OS: | Linux |
Keywords: | Security, SecurityTracking | Doc Type: | Release Note |
Last Closed: | 2011-10-31 15:41:31 UTC | Bug Blocks: | 749677 |

Description
Vincent Danen
2011-10-27 21:13:36 UTC
The bug was fixed upstream in 0.9.7. EPEL4 has had 0.9.8.3 for at least several years. Moreover, the first phpldapadmin version that appeared in Fedora at all was 0.9.7. What is the reason for this bug ticket?

Sorry, surely fixed in 0.9.8. Anyway, 0.9.8.x should be in EPEL4 since 2006 ...

The report indicates it was fixed in 0.9.8.5, and we have 0.9.8.3 in EPEL4, so I don't believe it is fixed in EPEL4.

> The report indicates it was fixed in 0.9.8.5

Actually, it was fixed in 0.9.8. Only versions <= 0.9.7 are vulnerable (and it is mentioned in the report).
Compare the "comon.php" files of 0.9.8.3 and 0.9.8.5 -- they are similar.
0.9.8.3 has been in EPEL4 since at least Jul 2009.
IMHO, "close currentrelease"?

Ah, ok, perfect. Thank you for checking. I'll close this then.