Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2

To: Yadd <yadd@debian.org>, 1019539@bugs.debian.org
Subject: Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 14 Oct 2022 11:47:42 +0100
Message-id: <[🔎] 6f391f45921f7fbcc0eca1fc316f13fd89ce8ef9.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1019539@bugs.debian.org
In-reply-to: <166290202339.2695730.8139594463220377065.reportbug@debian007.xnr.fr>
References: <166290202339.2695730.8139594463220377065.reportbug@debian007.xnr.fr> <166290202339.2695730.8139594463220377065.reportbug@debian007.xnr.fr>

Control: tags -1 + confirmed

On Sun, 2022-09-11 at 15:13 +0200, Yadd wrote:
> lemonldap-ng before version 2.0.15 has an issue that may maintain
> a session active on a Lemonldap::NG's handler if user has a
> continuous
> activity on this handler after session expiration or deletion
> (CVE-2022-37186), if and only if user activity is tracked by handlers
> (disabled by defaut)
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#1021648: marked as done (buster-pu: package node-xmldom/0.1.27+ds-1+deb10u1)
Next by Date: Processed: Re: Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2
Previous by thread: Bug#1021651: bullseye-pu: package evolution-ews/3.38.3-1
Next by thread: Processed: Re: Bug#1019539: bullseye-pu: package lemonldap-ng/2.0.11+ds-4+deb11u2
Index(es):
- Date
- Thread