[Git][security-tracker-team/security-tracker][master] Reserve DLA-4602-1 for lemonldap-ng

Abhijith PA (@abhijith) abhijith at debian.org
Thu May 28 09:27:11 BST 2026 


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
220942b0 by Abhijith PA at 2026-05-28T13:56:48+05:30
Reserve DLA-4602-1 for lemonldap-ng

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -117119,7 +117119,6 @@ CVE-2025-59518 (In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21
 	- lemonldap-ng 2.21.3+ds-1
 	[trixie] - lemonldap-ng 2.21.2+ds-1+deb13u1
 	[bookworm] - lemonldap-ng 2.16.1+ds-deb12u7
-	[bullseye] - lemonldap-ng <postponed> (Minor issue; can be piggybacked with future DLA)
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3462
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3470
 	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/6e86f70be5499d09dfaaff307632be8a10f7e58f (v2.21.3)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[28 May 2026] DLA-4602-1 lemonldap-ng - security update
+	{CVE-2024-52948 CVE-2025-59518}
+	[bullseye] - lemonldap-ng 2.0.11+ds-4+deb11u8
 [26 May 2026] DLA-4601-1 memcached - security update
 	{CVE-2026-47783 CVE-2026-47784}
 	[bullseye] - memcached 1.6.9+dfsg-1+deb11u1


=====================================
data/dla-needed.txt
=====================================
@@ -284,14 +284,6 @@ krb5 (eamanu)
 ldap-account-manager
   NOTE: 20260418: Added by Front-Desk (rouca)
 --
-lemonldap-ng
-  NOTE: 20250813: Added by Front-Desk (lamby)
-  NOTE: 20250813: CVE-2024-52948 was marked as <postponed>, but fixed in bookworm. (lamby)
-  NOTE: 20251009: Backporting CVE-2024-52948 (abhijith)
-  NOTE: 20251028: Still working in CVE-2024-52948 (abhijith)
-  NOTE: 20251229: Asked yadd (maintainer of package) for help (abhijith)
-  NOTE: 20260504: Maintainer prepared fix for CVE-2025-59518 (abhijith)
---
 libcaca
   NOTE: 20260519: Added by Front-Desk (Beuc)
   NOTE: 20260519: Fix unstable first. (Beuc/front-desk)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/220942b0e85f6c430e27c453449ef6f9304b06f0

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/220942b0e85f6c430e27c453449ef6f9304b06f0
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260528/ce01e131/attachment.htm>

More information about the debian-security-tracker-commits mailing list