Package        : lemonldap-ng
Version        : 1.3.3-1+deb9u1
CVE ID         : CVE-2019-12046
Debian Bug     : 928944

Erratum: bad versions

An attack vector was discovered by lemonldap-ng developers. When the SAML or CAS service provider is enabled and the administrator has chosen to store SAML/CAS tokens in the session database, an attacker can open an anonymous session to connect to any protected application that does not have specific access rules.

For Debian 8 "Jessie", this problem has been fixed in version 1.3.3-1+deb9u1.

We recommend that you upgrade your lemonldap-ng packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
