| Release | Version |
|---|---|
| jessie | 1.3.3-1 |
| jessie (security) | 1.3.3-1+deb8u2 |
| stretch | 1.9.7-3+deb9u2 |
| stretch (security) | 1.9.7-3+deb9u1 |
| buster | 2.0.2+ds-7+deb10u2 |
| bullseye | 2.0.7+ds-4 |
| sid | 2.0.7+ds-4 |
| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2019-19791 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Apache access rules and SOAP/REST endpoints issue |
| CVE-2019-15941 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an ... |
| Bug | Description |
|---|---|
| CVE-2019-13031 | LemonLDAP::NG before 1.9.20 has an XML External Entity (XXE) issue whe ... |
| CVE-2019-12046 | LemonLDAP::NG -2.0.3 has Incorrect Access Control. ... |
| CVE-2012-6426 | LemonLDAP::NG before 1.2.3 does not use the signature-verification cap ... |
| DSA / DLA | Description |
|---|---|
| DSA-4533-1 | lemonldap-ng - security update |
| DLA-1844-1 | lemonldap-ng - security update |
| DLA-1790-1 | lemonldap-ng - security update |
| DSA-4446-1 | lemonldap-ng - security update |