Bug#696329: lemonldap-ng: CVE-2012-6426: SAML messages signatures are not verified
Henri Salo
henri at nerv.fi
Wed Dec 19 14:56:34 UTC 2012
Package: lemonldap-ng
Version: 1.2.2-2
Severity: important
Tags: security
Description: Due to a bad use of the Lasso library, SAML signatures are never checked, even if we force a signature check. Anyone using the SAML binding in LemonLDAP::NG should apply it quickly and upgrade to 1.2.3 as soon as it is released.
Bug: http://jira.ow2.org/browse/LEMONLDAP-570
Patch: http://jira.ow2.org/secure/attachment/11153/lemonldap-ng-saml-signature-verification.patch
CVE request: http://www.openwall.com/lists/oss-security/2012/12/19/6
Checked from code that this is not yet patched in unstable.
- Henri Salo