Your message dated Mon, 24 Dec 2012 20:47:45 +0000
with message-id <[email protected]>
and subject line Bug#696329: fixed in lemonldap-ng 1.1.2-5+deb7u1
has caused the Debian Bug report #696329,
regarding lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
696329: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696329
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: lemonldap-ng
Version: 1.2.2-2
Severity: important
Tags: security
Description: Due to a bad use of the Lasso library, SAML signatures are never
checked, even if we force signature check. Anyone using SAML binding in
LemonLDAP::NG should apply it quickly and upgrade to 1.2.3 as soon as it is
released.
Bug: http://jira.ow2.org/browse/LEMONLDAP-570
Patch:
http://jira.ow2.org/secure/attachment/11153/lemonldap-ng-saml-signature-verification.patch
CVE request: http://www.openwall.com/lists/oss-security/2012/12/19/6
Checked from code that this is not yet patched in unstable.
- Henri Salo
--- End Message ---
--- Begin Message ---
Source: lemonldap-ng
Source-Version: 1.1.2-5+deb7u1
We believe that the bug you reported is fixed in the latest version of
lemonldap-ng, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Xavier Guimard <[email protected]> (supplier of updated lemonldap-ng package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Dec 2012 06:41:50 +0100
Source: lemonldap-ng
Binary: lemonldap-ng lemonldap-ng-doc liblemonldap-ng-handler-perl
liblemonldap-ng-conf-perl liblemonldap-ng-manager-perl
liblemonldap-ng-portal-perl
Architecture: source all
Version: 1.1.2-5+deb7u1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Xavier Guimard <[email protected]>
Changed-By: Xavier Guimard <[email protected]>
Description:
lemonldap-ng - Lemonldap::NG Web-SSO system
lemonldap-ng-doc - Lemonldap::NG Web-SSO system documentation
liblemonldap-ng-conf-perl - Lemonldap::NG common files
liblemonldap-ng-handler-perl - Lemonldap::NG Apache module part
liblemonldap-ng-manager-perl - Lemonldap::NG manager part
liblemonldap-ng-portal-perl - Lemonldap::NG authentication portal part
Closes: 693366 696329
Changes:
lemonldap-ng (1.1.2-5+deb7u1) testing-proposed-updates; urgency=high
.
* Fix for CVE-2012-6426 (Closes: #696329)
* Brazilian translation (Closes: #693366)
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---