Hi Markus, On Di 21 Jun 2016 01:15:17 CEST, Markus Koschany wrote:
Hello Michael, you are still listed in dla-needed.txt as the owner of Gosa. Apparently you already prepared a debdiff and sent it to the security team but it was never released. Would it be possible to share it with us? Or can you confirm that the following patches from Jessie will resolve this issue? https://tracker.debian.org/media/packages/g/gosa/changelog-2.7.4%2Breloaded2-1%2Bdeb8u2 CVE-2015-8771: 0006_code-injection-in-samba-hash-generation.patch, 0007_update-sambaHashHook-description.patch. Fix potential code injection issue in Samba hash generation. (CVE-2015-8771) CVE-2014-9760: https://sources.debian.net/src/gosa/2.7.4%2Breloaded2-12/debian/patches/0003_xss-vulnerability-on-login-screen.patch/ Regards Markus
I'll get back to you tomorrow on this. Basically, I can do the upload my self. Greets, Mike -- mike gabriel aka sunweaver (Debian Developer) mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: sunwea...@debian.org, http://sunweavers.net
pgpidsAkHdQ2g.pgp
Description: Digitale PGP-Signatur