Your message dated Tue, 15 Oct 2024 17:34:44 +0000
with message-id <[email protected]>
and subject line Bug#1084979: fixed in lemonldap-ng 2.20.0+ds-1
has caused the Debian Bug report #1084979,
regarding lemonldap-ng: CVE-2024-48933
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1084979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084979
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lemonldap-ng
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for lemonldap-ng.

CVE-2024-48933[0]:
| A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before
| 2.19.3 allows remote attackers to inject arbitrary web script or
| HTML into the login page via a username if userControl has been set
| to a non-default value that allows special HTML characters.

https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-48933
    https://www.cve.org/CVERecord?id=CVE-2024-48933

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: lemonldap-ng
Source-Version: 2.20.0+ds-1
Done: Yadd <[email protected]>

We believe that the bug you reported is fixed in the latest version of
lemonldap-ng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated lemonldap-ng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Oct 2024 18:50:34 +0200
Source: lemonldap-ng
Built-For-Profiles: nocheck
Architecture: source
Version: 2.20.0+ds-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1084979
Changes:
 lemonldap-ng (2.20.0+ds-1) unstable; urgency=medium
 .
   * Drop useless dependencies
   * New upstream version 2.20.0+ds (Closes: #1084979, CVE-2024-48933)
   * Update manpages generation
   * Drop patches now included in upstream

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
