Package: lemonldap-ng Version: 1.2.2-2 Severity: important Tags: security Description: Due to a bad use of Lasso library, SAML signatures are never checked, even if we force signature check. Anyone using SAML binding in LemonLDAP::NG should apply it quick and upgrade to 1.2.3 as soon as it will be released.
Bug: http://jira.ow2.org/browse/LEMONLDAP-570 Patch: http://jira.ow2.org/secure/attachment/11153/lemonldap-ng-saml-signature-verification.patch CVE request http://www.openwall.com/lists/oss-security/2012/12/19/6 Checked from code that this is not yet patched in unstable. - Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org