lemonldap-ng - Debian Package Tracker

general

source: lemonldap-ng (main)
version: 2.22.0+ds-2
maintainer: Debian Perl Group (archive) (DMD) (LowNMU)
uploaders: Yadd [DMD]
arch: all
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.0.11+ds-4+deb11u5
o-o-sec: 2.0.11+ds-4+deb11u7
oldstable: 2.16.1+ds-deb12u6
old-sec: 2.16.1+ds-deb12u6
old-bpo: 2.21.3+ds-1~bpo12+1
stable: 2.21.2+ds-1
stable-bpo: 2.22.0+ds-2~bpo13+1
stable-p-u: 2.21.2+ds-1+deb13u1
testing: 2.22.0+ds-2
unstable: 2.22.0+ds-2

versioned links

2.0.11+ds-4+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.11+ds-4+deb11u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.16.1+ds-deb12u6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.2+ds-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.2+ds-1+deb13u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.21.3+ds-1~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.22.0+ds-2~bpo13+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.22.0+ds-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

lemonldap-ng
lemonldap-ng-doc
lemonldap-ng-fastcgi-server
lemonldap-ng-handler
lemonldap-ng-uwsgi-app
liblemonldap-ng-common-perl
liblemonldap-ng-handler-perl
liblemonldap-ng-manager-perl (1 bugs: 0, 1, 0, 0)
liblemonldap-ng-portal-perl (1 bugs: 0, 1, 0, 0)
liblemonldap-ng-ssoaas-apache-client-perl

action needed

3 security issues in bullseye high

There are 3 open security issues in bullseye.

1 important issue:

CVE-2024-52948:

2 issues postponed or untriaged:

CVE-2025-59518: (postponed; to be fixed through a stable update) In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
TEMP-0000000-5C6A59: (postponed; to be fixed through a stable update)

Created: 2025-08-14 Last update: 2025-10-20 03:47

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2025-11-07 Last update: 2025-11-10 03:31

lintian reports 19 warnings normal

Lintian reports 19 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2025-10-18 Last update: 2025-10-18 21:01

2 low-priority security issues in trixie low

There are 2 open security issues in trixie.

2 issues left for the package maintainer to handle:

CVE-2025-59518: (needs triaging) In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.
TEMP-0000000-5C6A59: (needs triaging)

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-09-13 Last update: 2025-10-20 03:47

1 low-priority security issue in bookworm low

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

TEMP-0000000-5C6A59: (needs triaging)

You can find information about how to handle this issue in the security team's documentation.

1 issue that should be fixed with the next stable update:

CVE-2025-59518: In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize _ during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server.

Created: 2025-09-13 Last update: 2025-10-20 03:47

news

[rss feed]

[2025-11-02] Accepted lemonldap-ng 2.21.2+ds-1+deb13u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-10-20] Accepted lemonldap-ng 2.22.0+ds-2~bpo13+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-10-20] lemonldap-ng 2.22.0+ds-2 MIGRATED to testing (Debian testing watch)
[2025-10-18] Accepted lemonldap-ng 2.22.0+ds-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-10-18] Accepted lemonldap-ng 2.22.0+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-09-13] Accepted lemonldap-ng 2.21.3+ds-1~bpo13+1 (source all) into stable-backports (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-09-12] Accepted lemonldap-ng 2.21.3+ds-1~bpo12+1 (source) into oldstable-backports (Yadd) (signed by: Xavier Guimard)
[2025-09-11] lemonldap-ng 2.21.3+ds-1 MIGRATED to testing (Debian testing watch)
[2025-09-08] Accepted lemonldap-ng 2.21.3+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-09-08] lemonldap-ng 2.21.2+ds-2 MIGRATED to testing (Debian testing watch)
[2025-09-05] Accepted lemonldap-ng 2.21.2+ds-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-08-07] Accepted lemonldap-ng 2.21.2+ds-1~bpo12+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-08-03] lemonldap-ng 2.21.2+ds-1 MIGRATED to testing (Debian testing watch)
[2025-07-11] Accepted lemonldap-ng 2.21.2+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-07-01] Accepted lemonldap-ng 2.21.1+ds-1~bpo12+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-07-01] lemonldap-ng 2.21.1+ds-1 MIGRATED to testing (Debian testing watch)
[2025-06-11] Accepted lemonldap-ng 2.21.1+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-06-03] lemonldap-ng 2.21.0+ds-4 MIGRATED to testing (Debian testing watch)
[2025-05-13] Accepted lemonldap-ng 2.21.0+ds-4 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-05-12] lemonldap-ng 2.21.0+ds-3 MIGRATED to testing (Debian testing watch)
[2025-05-01] Accepted lemonldap-ng 2.21.0+ds-3 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-04-13] Accepted lemonldap-ng 2.16.1+ds-deb12u6 (source all) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-04-10] Accepted lemonldap-ng 2.21.0+ds-2~bpo12+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)
[2025-04-10] lemonldap-ng 2.21.0+ds-2 MIGRATED to testing (Debian testing watch)
[2025-04-08] Accepted lemonldap-ng 2.16.1+ds-deb12u6 (source all) into stable-security (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-04-08] Accepted lemonldap-ng 2.0.11+ds-4+deb11u7 (source all) into oldstable-security (Yadd) (signed by: Xavier Guimard)
[2025-04-07] Accepted lemonldap-ng 2.21.0+ds-2 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-04-07] Accepted lemonldap-ng 2.21.0+ds-1 (source) into unstable (Yadd) (signed by: Xavier Guimard)
[2025-02-03] Accepted lemonldap-ng 2.16.1+ds-deb12u5 (source) into proposed-updates (Debian FTP Masters) (signed by: Xavier Guimard)
[2025-01-30] Accepted lemonldap-ng 2.20.2+ds-1~bpo12+1 (source) into stable-backports (Yadd) (signed by: Xavier Guimard)

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 19)
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
l10n (99, -)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.22.0+ds-2
2 bugs