Information on source package lemonldap-ng

Available versions

ReleaseVersion
jessie1.3.3-1+deb8u2
stretch1.9.7-3+deb9u4
buster2.0.2+ds-7+deb10u10
bullseye2.0.11+ds-4+deb11u5
bookworm2.16.1+ds-deb12u2
trixie2.19.2+ds-1
sid2.19.2+ds-1

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2023-44469vulnerablevulnerablefixedfixedfixedfixedfixedA Server-Side Request Forgery issue in the OpenID Connect Issuer in Le ...
CVE-2023-28862vulnerablevulnerablefixedfixedfixedfixedfixedAn issue was discovered in LemonLDAP::NG before 2.16.1. Weak session I ...
CVE-2022-37186vulnerablevulnerablefixedfixedfixedfixedfixedIn LemonLDAP::NG before 2.0.15. some sessions are not deleted when the ...
CVE-2021-40874vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. Wh ...
CVE-2021-35473vulnerablefixedfixedfixedfixedfixedfixedAccess token lifetime is not verified with OAuth2 Handler
CVE-2021-35472vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in LemonLDAP::NG before 2.0.12. Session cache ...
CVE-2020-24660vulnerablefixedfixedfixedfixedfixedfixedAn issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is ...
CVE-2020-16093vulnerablevulnerable (no DSA)fixedfixedfixedfixedfixedIn LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.5 ...
CVE-2019-19791vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedfixedfixedIn LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache H ...
CVE-2019-15941fixedvulnerable (no DSA, ignored)fixedfixedfixedfixedfixedOpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ...

Resolved issues

BugDescription
CVE-2024-45160
CVE-2019-13031LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue whe ...
CVE-2019-12046LemonLDAP::NG -2.0.3 has Incorrect Access Control.
CVE-2012-6426LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ...

Security announcements

DSA / DLADescription
DLA-3612-1lemonldap-ng - security update
DLA-3496-1lemonldap-ng - security update
DLA-3287-1lemonldap-ng - security update
DSA-4943-1lemonldap-ng - security update
DSA-4762-1lemonldap-ng - security update
DLA-2367-1lemonldap-ng - security update
DSA-4533-1lemonldap-ng - security update
DLA-1844-1lemonldap-ng - security update
DLA-1790-1lemonldap-ng - security update
DSA-4446-1lemonldap-ng - security update
Search for package or bug name: Reporting problems