Debian 10261 Published by

A lemonldap-ng update has been released for Debian GNU/Linux 8 LTS



Package : lemonldap-ng
Version : 1.3.3-1+deb8u2
CVE ID : CVE-2019-13031
Debian Bug : #931117

It was discovered that there was a XML external entity vulnerability
in the lemonldap-ng single-sign on system. This may have led to the
disclosure of confidential data, denial of service, server side
request forgery, port scanning, etc.

For Debian 8 "Jessie", this issue has been fixed in lemonldap-ng version
1.3.3-1+deb8u2.

We recommend that you upgrade your lemonldap-ng packages.