Bug#1085176: bookworm-pu: package lemonldap-ng/2.16.1+ds-deb12u3
Yadd
2024-10-15 19:10:01 UTC
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: lemonldap-***@packages.debian.org, ***@debian.org
Control: affects -1 + src:lemonldap-ng
User: ***@packages.debian.org
Usertags: pu

[ Reason ]
Lemonldap-ng <2.20.0 is vulnerable to an XSS injection (#1084979,
CVE-2024-48933)

[ Impact ]
Low security issue unless admin changes default regex for logins

[ Tests ]
Passed

[ Risks ]
Low risk, patch is trivial

[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable

[ Changes ]
Add HTML escapes and change autofocus

Cheers,
Xavier
Jonathan Wiltshire
2024-10-17 12:10:04 UTC
Control: tag -1 confirmed

With UNRELEASED fixed in debian/NEWS, please go ahead.

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Jonathan Wiltshire
2024-10-17 16:00:02 UTC
package release.debian.org
tags 1085176 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: lemonldap-ng
Version: 2.16.1+ds-deb12u3

Explanation: fix cross-site scripting vulnerability on login page [CVE-2024-48933]