Accepted lemonldap-ng 2.0.2+ds-7+deb10u8 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted lemonldap-ng 2.0.2+ds-7+deb10u8 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 28 Jan 2023 14:40:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: lemonldap-ng_2.0.2+ds-7+deb10u8_source.changes
- Debian-source: lemonldap-ng
- Debian-suite: oldstable
- Debian-version: 2.0.2+ds-7+deb10u8
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=Oh2sNx+pasHbm455pPh4UnCZYX+CZqtS4VdxRYfFTvE=; b=P9YeudK2S7mA0YtmU2sl1c060/ y1chvlbaJilOQ8yinuEb0Zf83YukTjimJaw1pyMGyl0BD+jvKCZXSR6Wd2nG7E9bDw3kHwisJP7vd jYxkbsLHhbv4n7bcuerZgv6q12LL3SYW+sOeHvKfbFAt3ZggNtJWNkQCUcUn5WjTJn+DfmZTOcd/I C3rUPGEv5HnTYE6u6bbBTefoNDEQxnzqLrh2CJEhff0CFMVGo69b5bA7xmu8TGJ2LdZABZhCOz7rT +/GFKFKezVosTtc5yS07XLVYgQ+JYTYGJkWvP7SOKoRLNguSkFQSbnL10C0uJPrO/qggcAkjLeKhf WQ5DB6Yg==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pLmNP-003WqM-AO@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 28 Jan 2023 13:28:36 +0100
Source: lemonldap-ng
Architecture: source
Version: 2.0.2+ds-7+deb10u8
Distribution: buster-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
lemonldap-ng (2.0.2+ds-7+deb10u8) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-16093: Validity of the X.509 certificate is not checked by
default when connecting to remote LDAP backends, because the default
configuration of the Net::LDAPS module for Perl is used.
* Add d/NEWS entry warning users of a potential regression due to the fix
for the above (enforcing validation by default will breaks setups using a
self-signed certificate, for instance).
* CVE-2022-37186: Session destroyed on portal but still valid on handlers.
Checksums-Sha1:
3341ebb5600f446c48e13d3c80acda6b29b5a3a3 3878 lemonldap-ng_2.0.2+ds-7+deb10u8.dsc
c8a4da391a89d123ca29304638ab5a51ac764184 85076 lemonldap-ng_2.0.2+ds-7+deb10u8.debian.tar.xz
fd8ab6bceae25247bf1b0027f225222b9c5e58a8 18012 lemonldap-ng_2.0.2+ds-7+deb10u8_amd64.buildinfo
Checksums-Sha256:
b19146ae180f45ca25940d1f0ac6624937ab3ccc7a6b8c96987d860a1b3e1f10 3878 lemonldap-ng_2.0.2+ds-7+deb10u8.dsc
4bf384a5fbf732879f8a5c9ac0818a968f451cfa9b655ab9a3c31b1d1ac4c6e4 85076 lemonldap-ng_2.0.2+ds-7+deb10u8.debian.tar.xz
18c14f49a2113b279bc6009cb4023c0f7a61139fa093e213ecddaebd1c24f0a2 18012 lemonldap-ng_2.0.2+ds-7+deb10u8_amd64.buildinfo
Files:
1c5c110f67fd5e731f467befc40ee256 3878 perl optional lemonldap-ng_2.0.2+ds-7+deb10u8.dsc
194d7217bff9707af820d18f54a6d796 85076 perl optional lemonldap-ng_2.0.2+ds-7+deb10u8.debian.tar.xz
514bb45470712cf67e3775eae0382e49 18012 perl optional lemonldap-ng_2.0.2+ds-7+deb10u8_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmPVFaAACgkQ05pJnDwh
pVLAhBAAh1DvBtE/qA5Cw4hhBThWWpa3IrLX0TTojgwPCKt8IzgzGSmE+JyX0vg5
flPxBTO+tt3M6+KZqnCfNN8MgeUugTPxaX6qMGkw+T9orPUTfUbT76hG6Wrkr4vK
VWkPGdtLHYolXyiHPIImAocjtw0Vog1Pci4vcaO4SrP+QEpaEXjuvBFq2jO11rDj
e24WzRGUINW4qu3rAoTQ1l3F1zfPxeEaGICb4Ufh91Dgmxx+zYfaofFuRoRs+2Eo
yqmax101dSOnCihb+MmqnN/c40vEQWDSmbmYaqUcuY58w77DL3OpLK9ewG67mM5+
YW+kLtZES2INbEmMd9qGUB2r6DrEeZFfFgw3ZCp5j/bGrqmjTkb70VE+b+wza9UH
yf0NngsSrgQfkF6P75tuHGYMjgzJa9CRExUOBvUvvBPYxGfbSx09koHdU0NhD/AA
b+zYROqmzxPvUmYOFQpoG2tb3kY0xmaHcQBhEbVEHo//s1n0SEWOWmnYuMNdIcWf
n+cPw4MhQQcUZ1SmbHi0OBAmQ1uIqd5f/MN7kc0T28d4q5XutvGaEjuOOBBfEImL
CrYfVtHapiWdaIbpPY0ItR3XnFjRPTqisfidPI1a6txqeiB+J1HbBiO4OKuM11cn
+X7GSqr4R7ImFyuzL8XJFCt+ehHU9qfWGO+OQG/nHBb71Dt3ouM=
=mOaS
-----END PGP SIGNATURE-----