On Wed, 22 May 2019 at 07:34:06 +0200, Xavier wrote:
> It seems that Clément has fixed something related to that feature.
> Could you try
> https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/commit/deff50f072c64898d1204daa28c01fdcc7275ea4
> ?
That solves the issue indeed, thanks for the pointer!
On 21 May 2019 at 21:40:35 GMT+02:00, Guilhem Moulin wrote:
>Hi Xavier,
>
> # Load session data into object
> if ($data) {
>+if ( $self->kind ) {
>+unless ( $data->{_session_kind} eq $self->kind ) {
>+$self->error("Session kind mistmatch");
>+
Hi Xavier,
# Load session data into object
if ($data) {
+if ( $self->kind ) {
+unless ( $data->{_session_kind} eq $self->kind ) {
+$self->error("Session kind mistmatch");
+return undef;
+}
+}
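Review bot: The `unless` test `$data->{_session_kind} eq $self->kind` assumes every loaded session carries a `_session_kind` key. If the key is absent, the comparison runs against undef, which emits a warning under `use warnings` and takes the mismatch branch, so the session is refused. Make that case explicit with a `defined $data->{_session_kind}` check and state in a comment whether sessions without a kind are meant to be rejected. Two smaller points: the error string is misspelled ("mistmatch" should be "mismatch"), and `return undef;` evaluates to a one-element list in list context, so a bare `return;` is the safer form if any caller uses list context.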
Doesn't that break CDA
Package: liblemonldap-ng-portal-perl
Severity: grave
Tags: security upstream patch
Justification: user security hole
Forwarded: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1742
Found: 1.9.7-3
Hi all,
during an internal audit, one of lemonldap-ng's developers discovered an
attack vect