Univention Bugzilla – Full Text Bug Listing |
Summary: | pam_univentionmailcyrus.so ignores univentionMailHomeServer | ||
---|---|---|---|
Product: | UCS | Reporter: | Daniel Tröder <troeder> |
Component: | Assignee: | Mail maintainers <mail-maintainers> | |
Status: | RESOLVED WONTFIX | QA Contact: | |
Severity: | normal | ||
Priority: | P5 | CC: | best, birkefeld, gohmann, schwardt |
Version: | UCS 4.0 | ||
Target Milestone: | UCS 4.0-x | ||
Hardware: | Other | ||
OS: | Linux | ||
See Also: | https://forge.univention.org/bugzilla/show_bug.cgi?id=38804 | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 1: Cosmetic issue or missing function but workaround exists |
Who will be affected by this bug?: | 2: Will only affect a few installed domains | How will those affected feel about the bug?: | 1: Nuisance – not a big deal but noticeable |
User Pain: | 0.011 | Enterprise Customer affected?: | |
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | |||
Bug Depends on: | 38387 | ||
Bug Blocks: | 38457 |
Description
Daniel Tröder
2015-09-08 11:08:22 CEST
It defines also the search filter without escaping the values: 152 snprintf(filter, BUFSIZ, "(&(%s=%s)(%s=*))", fromattr, fromuser, toattr); where fromuser is a not ldap-filter-escaped string given by user input which e.g. could be '*' or '*)(foo=bar'. This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you. |