[Git][security-tracker-team/security-tracker][master] Add assigned CVE for lemonldap-ng

[Salvatore Bonaccorso]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0d084833 by Salvatore Bonaccorso at 2019-06-29T07:09:37Z
Add assigned CVE for lemonldap-ng

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -129,12 +129,14 @@ CVE-2018-20845 (Division-by-zero vulnerabilities in the functions pi_next_pcrl,
 	TODO: check
 CVE-2018-20844
 	RESERVED
-CVE-2019-XXXX [XXE vulnerability in SOAP notification server]
+CVE-2019-13031 [XXE vulnerability in SOAP notification server]
 	- lemonldap-ng 2.0.0+ds-1 (bug #931117)
 	[stretch] - lemonldap-ng <no-dsa> (Minor issue, can be fixed via point release, notification server not enabled by default)
-	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1818
+	NOTE: Upstream issue: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1820
+	NOTE: Issue explained in: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues/1818
 	NOTE: 2.0.0 upstream replaced the (old) feature with a new REST/JSON service, and
 	NOTE: added a "oldXMLFormat" option which is functionwise broken up to 2.0.5.
+	NOTE: By default the notification server is not enabled and has a 'deny all' rule.
 CVE-2019-12965
 	RESERVED
 CVE-2019-12964 (LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d0848338dd409154ecb0eeb69b6a33afabe8f77

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0d0848338dd409154ecb0eeb69b6a33afabe8f77
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190629/5f7d3d35/attachment.html>