[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1844-1] lemonldap-ng security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : lemonldap-ng
Version        : 1.3.3-1+deb8u2
CVE ID         : CVE-2019-13031
Debian Bug     : #931117

It was discovered that there was a XML external entity vulnerability
in the lemonldap-ng single-sign on system. This may have led to the
disclosure of confidential data, denial of service, server side
request forgery, port scanning, etc.

For Debian 8 "Jessie", this issue has been fixed in lemonldap-ng version
1.3.3-1+deb8u2.

We recommend that you upgrade your lemonldap-ng packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0d/UMACgkQHpU+J9Qx
Hlj0VxAAsYAiH43oUyuJ6fUSPLPVrW8fKiP/xnrj4++cf4o3rCcyfbO8yHGrbHnR
t+LlUNnFELGHHxNWWN+PoJlgHqBKtdoCQrRAF/u+MQJjB7+NSCc5uGadHd0607TE
2nHYCYueETBoWJ9PxUL16IrAwKTr/orz20wNCWRqwa9AR0OeQ6lubLuYT5AgNLGd
CbrwxhkNF1jyA6QFgr1aJjZuVGm/I/6Z3anu7BdWzb5yZDjvK3IYB/BIH7Fe+plY
6ilVtrYII/+oGTEBOTuAHhBjNxMxXtb4LBauTz9v9NNeHBXO0Yu7j/O1PuYS2g9d
RegRd2Aiq2AIddCAH3WUfqej8v3iZCxl1Uyvh6TSIgsfhN71cvtzryoqEnV00taY
Q6pDVOCJE061qH1bck7noyiW6GpyZmgwFHogzW2S//WjZnqTYzZP9IaTPm+Vveo8
YY3y2z48PzJL59xknpKv3SMuAd1FuBKjWQi/XaX84YpImPjdP8AijfGnQBRqR+ON
vEHphMciUufg+IWEAOQfhbxPzGMsFbxEM00u2DRXpY6RUFPjAjIseUEvpU86o46w
3kJTN9etn75Uf+jNPu1jnL5vEipsegwu1cOdsftT7Do9aWDWd4mF7FGD9cUYyd/y
1KuHMdMEta6uTdVQ5FJZLOqxEBu41pI9PlfGJv5fA4m8/az8JgU=
=oant
-----END PGP SIGNATURE-----


Reply to: