Format: 1.8
Date: Fri, 27 Jan 2023 17:23:38 +0100
Source: libapache-session-ldap-perl
Architecture: source
Version: 0.4-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 libapache-session-ldap-perl (0.4-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-36658: Validity of the X.509 certificate is not checked by
     default when connecting to remote LDAP backends, because the default
     configuration of the Net::LDAPS module for Perl is used. This upload
     changes the default behavior to require X.509 validation against the
     distribution bundle /etc/ssl/certs/ca-certificates.crt. Previous
     behavior can be reverted by setting `ldapVerify => "none"` when
     initializing the Apache::Session::LDAP object.