-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : lemonldap-ng Version : 1.3.3-1+deb8u2 CVE ID : CVE-2019-13031 Debian Bug : #931117
It was discovered that there was a XML external entity vulnerability in the lemonldap-ng single-sign on system. This may have led to the disclosure of confidential data, denial of service, server side request forgery, port scanning, etc. For Debian 8 "Jessie", this issue has been fixed in lemonldap-ng version 1.3.3-1+deb8u2. We recommend that you upgrade your lemonldap-ng packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0d/UMACgkQHpU+J9Qx Hlj0VxAAsYAiH43oUyuJ6fUSPLPVrW8fKiP/xnrj4++cf4o3rCcyfbO8yHGrbHnR t+LlUNnFELGHHxNWWN+PoJlgHqBKtdoCQrRAF/u+MQJjB7+NSCc5uGadHd0607TE 2nHYCYueETBoWJ9PxUL16IrAwKTr/orz20wNCWRqwa9AR0OeQ6lubLuYT5AgNLGd CbrwxhkNF1jyA6QFgr1aJjZuVGm/I/6Z3anu7BdWzb5yZDjvK3IYB/BIH7Fe+plY 6ilVtrYII/+oGTEBOTuAHhBjNxMxXtb4LBauTz9v9NNeHBXO0Yu7j/O1PuYS2g9d RegRd2Aiq2AIddCAH3WUfqej8v3iZCxl1Uyvh6TSIgsfhN71cvtzryoqEnV00taY Q6pDVOCJE061qH1bck7noyiW6GpyZmgwFHogzW2S//WjZnqTYzZP9IaTPm+Vveo8 YY3y2z48PzJL59xknpKv3SMuAd1FuBKjWQi/XaX84YpImPjdP8AijfGnQBRqR+ON vEHphMciUufg+IWEAOQfhbxPzGMsFbxEM00u2DRXpY6RUFPjAjIseUEvpU86o46w 3kJTN9etn75Uf+jNPu1jnL5vEipsegwu1cOdsftT7Do9aWDWd4mF7FGD9cUYyd/y 1KuHMdMEta6uTdVQ5FJZLOqxEBu41pI9PlfGJv5fA4m8/az8JgU= =oant -----END PGP SIGNATURE-----