| Release | Version |
|---|---|
| jessie | 2.7.4+reloaded2-1+deb8u2 |
| jessie (security) | 2.7.4+reloaded2-1+deb8u5 |
| stretch (security) | 2.7.4+reloaded2-13+deb9u1 |
| buster | 2.7.4+reloaded3-8+deb10u1 |
| bullseye | 2.7.4+reloaded3-10 |
| sid | 2.7.4+reloaded3-10 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-14466 | fixed | vulnerable | vulnerable | fixed | fixed | GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialized, which opens GOsa up to a potential PHP object injection. |
| CVE-2019-11187 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Incorrect Access Control in the LDAP class of GONICUS GOsa through 201 ... |
| Bug | Description |
|---|---|
| CVE-2018-1000528 | GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb756 ... |
| CVE-2015-8771 | The generate_smb_nt_hash function in include/functions.inc in GOsa all ... |
| CVE-2014-9760 | Cross-site scripting (XSS) vulnerability in the displayLogin function ... |
| CVE-2007-0313 | Unspecified vulnerability in GONICUS System Administration (GOsa) befo ... |
| DSA / DLA | Description |
|---|---|
| DLA-1905-1 | gosa - security update |
| DLA-1876-1 | gosa - security update |
| DLA-1436-1 | gosa - security update |
| DSA-4239-1 | gosa - security update |
| DLA-562-1 | gosa - security update |
| DLA-408-1 | gosa - security update |
| DLA-115-2 | gosa - regression update |
| DLA-115-1 | gosa - security update |