[Git][security-tracker-team/security-tracker][master] Mark CVE-2022-37186/lemonldap-ng as no-dsa
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Sun Sep 11 20:02:10 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e8aafa8f by Salvatore Bonaccorso at 2022-09-11T20:59:32+02:00
Mark CVE-2022-37186/lemonldap-ng as no-dsa
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -8041,6 +8041,7 @@ CVE-2022-37187
CVE-2022-37186 [Session destroyed on portal but still valid on handlers]
RESERVED
- lemonldap-ng 2.0.15+ds-1
+ [bullseye] - lemonldap-ng <no-dsa> (Minor issue; user activity tracking by handles disabled by default)
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2758
NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/59c781b393947663ad3bf26bad0581413dd6fae4 (v2.0.15)
CVE-2022-37185 (SQL injection vulnerability exists in the school information query int ...)
=====================================
data/next-point-update.txt
=====================================
@@ -20,3 +20,5 @@ CVE-2021-24119
[bullseye] - mbedtls 2.16.12-0+deb11u1
CVE-2021-44732
[bullseye] - mbedtls 2.16.12-0+deb11u1
+CVE-2022-37186
+ [bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u2
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8aafa8f3d2147b167d2585dbbc5a4fa8ada356a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e8aafa8f3d2147b167d2585dbbc5a4fa8ada356a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220911/b0348257/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list