Release | Version |
---|---|
jessie | 2.7.4+reloaded2-1+deb8u2 |
jessie (security) | 2.7.4+reloaded2-1+deb8u5 |
stretch (security) | 2.7.4+reloaded2-13+deb9u1 |
buster | 2.7.4+reloaded3-8+deb10u1 |
bullseye | 2.7.4+reloaded3-10 |
sid | 2.7.4+reloaded3-10 |

Bug | jessie | stretch | buster | bullseye | sid | Description |
---|---|---|---|---|---|---|
CVE-2019-14466 | fixed | vulnerable | vulnerable | fixed | fixed | GOsa <= 2.7.5.2 uses unserialize to restore filter settings from a cookie. Since this cookie is supplied by the client, authenticated users can pass arbitrary content to unserialize, which opens GOsa up to a potential PHP object injection. |
CVE-2019-11187 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | Incorrect Access Control in the LDAP class of GONICUS GOsa through 201 ... |

Bug | Description |
---|---|
CVE-2018-1000528 | GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb756 ... |
CVE-2015-8771 | The generate_smb_nt_hash function in include/functions.inc in GOsa all ... |
CVE-2014-9760 | Cross-site scripting (XSS) vulnerability in the displayLogin function ... |
CVE-2007-0313 | Unspecified vulnerability in GONICUS System Administration (GOsa) befo ... |

DSA / DLA | Description |
---|---|
DLA-1905-1 | gosa - security update |
DLA-1876-1 | gosa - security update |
DLA-1436-1 | gosa - security update |
DSA-4239-1 | gosa - security update |
DLA-562-1 | gosa - security update |
DLA-408-1 | gosa - security update |
DLA-115-2 | gosa - regression update |
DLA-115-1 | gosa - security update |