Bug#949702: buster-pu: package lemonldap-ng/2.0.2+ds-7+deb10u3
Control: tags -1 + confirmed
On Thu, 2020-01-23 at 22:36 +0100, Xavier Guimard wrote:
> lemonldap-ng is vulnerable to several security issues. This
> cumulative patch fixes them:
> - CVE-2019-19791: bad default configuration which does not really
> protect SOAP/REST endpoints
> - When 2FA is used, the grantSession plugin does not filter
> successful connections
> - OIDC relying party restriction introduced in 2.0.0 does not work
> when a previous federation was granted in the same session
>
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,17 @@
+lemonldap-ng (2.0.2+ds-7+deb10u3) buster-security; urgency=high
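Review bot: The distribution field on the added debian/NEWS entry header names buster-security, while this request is filed as buster-pu, so the entry should target buster. Suggest changing the header to "lemonldap-ng (2.0.2+ds-7+deb10u3) buster; urgency=high".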
That should just be "buster".
Please go ahead.
Regards,
Adam