lemonldap-ng - Debian Package Tracker

general

source: lemonldap-ng (main)
version: 2.23.0+ds-4
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Yadd [DMD]
arch: all
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.11+ds-4+deb11u5
o-o-sec: 2.0.11+ds-4+deb11u8
oldstable: 2.16.1+ds-deb12u8
old-sec: 2.16.1+ds-deb12u6
old-bpo: 2.21.3+ds-1~bpo12+1
stable: 2.21.2+ds-1+deb13u2
stable-bpo: 2.23.0+ds-3~bpo13+1
testing: 2.23.0+ds-4
unstable: 2.23.0+ds-4

versioned links

2.0.11+ds-4+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.11+ds-4+deb11u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.16.1+ds-deb12u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.16.1+ds-deb12u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.2+ds-1+deb13u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.3+ds-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.0+ds-3~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.23.0+ds-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lemonldap-ng
lemonldap-ng-doc
lemonldap-ng-fastcgi-server
lemonldap-ng-handler
lemonldap-ng-uwsgi-app
liblemonldap-ng-common-perl
liblemonldap-ng-handler-perl
liblemonldap-ng-manager-perl (1 bugs: 0, 1, 0, 0)
liblemonldap-ng-portal-perl (1 bugs: 0, 1, 0, 0)
liblemonldap-ng-ssoaas-apache-client-perl

action needed

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2026-12804: A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."

Created: 2026-06-22 Last update: 2026-06-23 04:30

1 security issue in forky high

There is 1 open security issue in forky.

1 important issue:

CVE-2026-12804: A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."

Created: 2026-06-22 Last update: 2026-06-23 04:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2026-12804: A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."

Created: 2026-06-22 Last update: 2026-06-23 04:30

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2026-12804: A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."

Created: 2026-06-22 Last update: 2026-06-23 04:30

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2026-06-09 Last update: 2026-06-25 20:02

Depends on packages which need a new maintainer normal

The packages that lemonldap-ng depends on which need a new maintainer are:

lasso (#1140373)
- Suggests: liblasso-perl
- Build-Depends-Indep: liblasso-perl

Created: 2026-06-19 Last update: 2026-06-25 19:30

lintian reports 17 warnings normal

Lintian reports 17 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2026-05-31 Last update: 2026-05-31 10:30

1 low-priority security issue in trixie low

There is 1 open security issue in trixie.

1 issue left for the package maintainer to handle:

CVE-2026-12804: (needs triaging) A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that "it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low."

You can find information about how to handle this issue in the security team's documentation.

Created: 2026-06-22 Last update: 2026-06-23 04:30

Issues found with some translations low

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-05-30 Last update: 2026-05-30 15:03

news

[rss feed]

[2026-06-09] lemonldap-ng 2.23.0+ds-4 MIGRATED to testing (Debian testing watch)
[2026-06-06] Accepted lemonldap-ng 2.23.0+ds-4 (source) into unstable (Xavier Guimard)
[2026-06-05] Accepted lemonldap-ng 2.23.0+ds-3~bpo13+1 (source) into stable-backports (Xavier Guimard)
[2026-06-05] lemonldap-ng 2.23.0+ds-3 MIGRATED to testing (Debian testing watch)
[2026-05-30] Accepted lemonldap-ng 2.23.0+ds-3 (source) into unstable (Xavier Guimard)
[2026-05-30] Accepted lemonldap-ng 2.23.0+ds-2 (source) into unstable (Xavier Guimard)
[2026-05-29] Accepted lemonldap-ng 2.23.0+ds-1 (source) into unstable (Xavier Guimard)
[2026-05-28] Accepted lemonldap-ng 2.0.11+ds-4+deb11u8 (source) into oldoldstable-security (Xavier Guimard) (signed by: Abhijith PA)
[2026-05-03] Accepted lemonldap-ng 2.16.1+ds-deb12u8 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2026-05-03] Accepted lemonldap-ng 2.21.2+ds-1+deb13u2 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2026-04-22] Accepted lemonldap-ng 2.22.3+ds-1~bpo13+1 (source) into stable-backports (Xavier Guimard)
[2026-04-22] lemonldap-ng 2.22.3+ds-1 MIGRATED to testing (Debian testing watch)
[2026-04-20] Accepted lemonldap-ng 2.22.3+ds-1 (source) into unstable (Xavier Guimard)
[2026-02-08] Accepted lemonldap-ng 2.22.2+ds-1~bpo13+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2026-02-06] lemonldap-ng 2.22.2+ds-1 MIGRATED to testing (Debian testing watch)
[2026-02-03] Accepted lemonldap-ng 2.22.2+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-12-26] Accepted lemonldap-ng 2.16.1+ds-deb12u7 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-12-05] Accepted lemonldap-ng 2.22.1+ds-1~bpo13+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-11-30] lemonldap-ng 2.22.1+ds-1 MIGRATED to testing (Debian testing watch)
[2025-11-27] Accepted lemonldap-ng 2.22.1+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-11-02] Accepted lemonldap-ng 2.21.2+ds-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-10-20] Accepted lemonldap-ng 2.22.0+ds-2~bpo13+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-10-20] lemonldap-ng 2.22.0+ds-2 MIGRATED to testing (Debian testing watch)
[2025-10-18] Accepted lemonldap-ng 2.22.0+ds-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-10-18] Accepted lemonldap-ng 2.22.0+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-09-13] Accepted lemonldap-ng 2.21.3+ds-1~bpo13+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-09-12] Accepted lemonldap-ng 2.21.3+ds-1~bpo12+1 (source) into oldstable-backports (Yadd) (signed by: Xavier Guimard)
[2025-09-11] lemonldap-ng 2.21.3+ds-1 MIGRATED to testing (Debian testing watch)
[2025-09-08] Accepted lemonldap-ng 2.21.3+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-09-08] lemonldap-ng 2.21.2+ds-2 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 17)
buildd: logs, reproducibility
popcon
browse source code
other distros
security tracker
screenshots
l10n (99, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.23.0+ds-4