Yadd
2024-10-15 19:10:01 UTC
Severity: normal
Tags: bookworm
X-Debbugs-Cc: lemonldap-***@packages.debian.org, ***@debian.org
Control: affects -1 + src:lemonldap-ng
User: ***@packages.debian.org
Usertags: pu
[ Reason ]
Lemonldap-ng <2.20.0 is vulnerable to an XSS injection (#1084979,
CVE-2024-48933)
[ Impact ]
Low security issue unless the admin changes the default regex for logins
[ Tests ]
Passed
[ Risks ]
Low risk, patch is trivial
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
Add HTML escapes and change autofocus
Cheers,
Xavier