-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ---------------------------------------------------------------------- Debian LTS Advisory DLA-2367-1 [email protected] https://www.debian.org/lts/security/ Xavier Guimard September 07, 2020 https://wiki.debian.org/LTS - ----------------------------------------------------------------------
Package : lemonldap-ng Version : 1.9.7-3+deb9u4 CVE ID : CVE-2020-24660 lemonldap-ng community fixed a vulnerability in the Nginx default configuration files (CVE-2020-24660). Debian package does not install any default site, but documentation provided insecure examples in Nginx configuration before this version. If you use lemonldap-ng handler with Nginx, you should verify your configuration files. For Debian 9 stretch, this problem has been fixed in version 1.9.7-3+deb9u4. We recommend that you upgrade your lemonldap-ng packages. For the detailed security status of lemonldap-ng please refer to its security tracker page at: https://security-tracker.debian.org/tracker/lemonldap-ng Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEAN/li4tVV3nRAF7J9tdMp8mZ7ukFAl9WWb0ACgkQ9tdMp8mZ 7um/vw//QEc8JHXb+UUfyRg6QZo7HtgHAd3sDPpNeKdr4A4U5GtSh/XukNKvXo4E BsnSDWeg2fCvoNV7RtX1b1kG276QMSHpbAN8473sjyGoG1IlKO31I8hAmV1Dp/2C 7gDlolfWZqUs74IgVI4Hv+PzG14UfFSbXGJ3tKhIjE1xY7PolcUFWY2nltIAwwbf ejpHlkTWyPQVszfhk8oCGdEWVZPZQNht4RcV6JV2HINSqWZi6pM6GvAJlahYrGkp pi0EzCyZoJ/IIYeSWQz96LvDZDWEJPcuzikc+vKnazHzy27aA1oqKC7yYo7m57zm NjkrUe0WBDYw9NyvdPRFkwa0VANhLa8n1Tp3Xq6gEl7cUkFubS4iS73EFtuu1AeR plxi388nbU7Hkb8iN1AEA5cs+TyBMFITMDZPw6/60b6zblEJXLK4WyCwuPTtf++Z kBv8FVzhnE5HwaEdFSiiZMj9cS16hAIar9dbmsijXs9Rwj/hsSj40hwZT5/Ax8Iu rWxiJPhy/x0e1J0H7kHalLKceqSsqUw5wDLtRXD1YPpnDjixVStq/rMLpWDgdeTW GWb0/fNfiVb7NHApbwccAxqAW6IIZzLJAvWzAyNS6TbKt+WoTD5dE9XQjikYXx52 JzGi3mq3SGLzGUrZL2EaL/TI3pERiLNn6HZOpprXWcIlM//OwRQ= =+BzJ -----END PGP SIGNATURE-----
