Your message dated Sat, 6 Jan 2007 00:48:45 +0100 with message-id <[EMAIL PROTECTED]> and subject line woody is no longer supportedby Debian has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: ldapexplorer Version: 1.17-4 Severity: important Tags: security patch This package treats "userpassword" as all lowercase attribute, so it fails to find "userPassword" as defined in the OpenLDAP schemata. This makes passwords to be saved in clear, instead of intended "{CRYPT}" hashing, and to be of type "text" instead of intended "password" in the WWW form. The literal "{CRYPT}" as password could be problematic too, further checking required. -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux gudi.sirex.com 2.4.20 #1 sáb ene 11 13:11:34 ART 2003 i686 Locale: LANG=spanish, LC_CTYPE=spanish (ignored: LC_ALL set to es_ES) Versions of packages ldapexplorer depends on: ii apache [httpd] 1.3.27.1-3 Versatile, high-performance HTTP s ii debconf 1.3.20 Debian configuration management sy ii php4 4:4.2.3-12 A server-side, HTML-embedded scrip ii php4-cgi 4:4.2.3-12 A server-side, HTML-embedded scrip ii php4-ldap 4:4.2.3-12 LDAP module for php4 ii wwwconfig-common 0.0.32 Debian web auto configuration -- debconf information excluded *** ldapexplorer.diff diff -u ldapexplorer/detail.php ldapexplorer.new/detail.php --- ldapexplorer/detail.php 2001-03-25 03:32:47.000000000 -0300 +++ ldapexplorer.new/detail.php 2003-11-19 14:51:01.000000000 -0300 @@ -296,7 +296,7 @@ else echo $default->prefix_submit . $attrs[$i] . ";" . $j . " "; - if (strstr ($attrs[$i], "userpassword")) { + if (stristr ($attrs[$i], "userpassword")) { echo "type=password "; echo "value=\"" . $value; } diff -u ldapexplorer/submit.php ldapexplorer.new/submit.php --- ldapexplorer/submit.php 2001-03-25 03:32:47.000000000 -0300 +++ ldapexplorer.new/submit.php 2003-11-19 14:51:21.000000000 -0300 @@ -301,10 +301,10 @@ $value = $$name; /* change user's password, default encode type is crypt() */ - if (strstr ($attribute, "userpassword")) { - if (!strstr ($value, "{crypt}")) { + if (stristr ($attribute, "userpassword")) { + if (!strstr ($value, "{CRYPT}")) { if (strlen ($value) != 0) - $value = "{crypt}" . crypt ($value); + $value = "{CRYPT}" . crypt ($value); } $inputvalue = "";
--- End Message ---
--- Begin Message ---These bugs only apply to woody that is no longer supported by Debian. cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed
--- End Message ---
