Your message dated Thu, 17 Oct 2024 16:03:05 +0000
with message-id <[email protected]>
and subject line Bug#1084979: fixed in lemonldap-ng 2.16.1+ds-deb12u3
has caused the Debian Bug report #1084979,
regarding lemonldap-ng: CVE-2024-48933
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1084979: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084979
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: lemonldap-ng
X-Debbugs-CC: [email protected]
Severity: important
Tags: security
Hi,
The following vulnerability was published for lemonldap-ng.
CVE-2024-48933[0]:
| A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before
| 2.19.3 allows remote attackers to inject arbitrary web script or
| HTML into the login page via a username if userControl has been set
| to a non-default value that allows special HTML characters.
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3232
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-48933
https://www.cve.org/CVERecord?id=CVE-2024-48933
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: lemonldap-ng
Source-Version: 2.16.1+ds-deb12u3
Done: Yadd <[email protected]>
We believe that the bug you reported is fixed in the latest version of
lemonldap-ng, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yadd <[email protected]> (supplier of updated lemonldap-ng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 15 Oct 2024 20:59:06 +0200
Source: lemonldap-ng
Architecture: source
Version: 2.16.1+ds-deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Yadd <[email protected]>
Closes: 1084979
Changes:
 lemonldap-ng (2.16.1+ds-deb12u3) bookworm; urgency=medium
 .
   * Fix XSS issue (Closes: #1084979, CVE-2024-48933)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---