security update missed

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

On Lucid this seems to be disabled on the server side.

I receive - Command disabled by the server configuration. It is fixed upstream in 1.2, which will be in Lucid shortly, and is currently in Maverick.

Maverick has 1.2.0.5-1ubuntu1

Patch posted before is for jaunty, sorry. I had hardy on the brain.

ACK. I've uploaded this to the security queue. Thanks for your patch Brian!

phpldapadmin (1.1.0.5-6ubuntu3.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Fixes Directory traversal vulnerability in cmd.php that
    allows remote attackers to include and execute arbitrary local files.
  - added debian/patches/CVE-2009-4427.dpatch: Fixes CVE-2009-4427.
    Patch provided by Debian in Lenny (Debian Bug #561975, DSA-1965-1)

Unsubscribing ubuntu-security-sponsors since there is no more debdiffs to process. Please re-subscribe once new debdiffs get uploaded.

This bug was fixed in the package phpldapadmin - 1.2.0.5-1ubuntu1.10.04.1

---------------
phpldapadmin (1.2.0.5-1ubuntu1.10.04.1) lucid-proposed; urgency=low

  * New upstream release
    - Fix compatibility with PHP 5.3 (LP: #551269)
    - Fix error on renaming a CN (LP: #384157)
  * SECURITY UPDATE: Input passed via the "cmd" parameter to cmd.php is not
    properly verified before being used to include files. This can be
    exploited to include arbitrary files from local resources. (LP: #511189)
    - Fixed by upstream release
    - CVE-2009-4427
 -- Stefan Lesicnik <email address hidden> Fri, 14 May 2010 18:48:40 +0200

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Thank you for reporting this bug to Ubuntu. karmic has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against karmic is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Thank you for reporting this bug and helping to make Ubuntu better. The package referred to in this bug is in universe or multiverse and reported against a release of Ubuntu (hardy) which no longer receives updates outside of the explicitly supported LTS packages. While the bug against hardy is being marked "Won't Fix" for now, if you are interested feel free to post a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures'

Please feel free to report any other bugs you may find.