Candidate: CVE-2012-6426
PublicDate: 2013-01-01 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6426
 http://jira.ow2.org/browse/LEMONLDAP-570?page=com.atlassian.jirafisheyeplugin:fisheye-issuepanel
Description:
 LemonLDAP::NG before 1.2.3 does not use the signature-verification
 capability of the Lasso library, which allows remote attackers to bypass
 intended access-control restrictions via crafted SAML data.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696329
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_lemonldap-ng:
 upstream: http://fisheye.ow2.org/changelog/LemonLDAP?cs=2698
upstream_lemonldap-ng: released (1.2.3)
hardy_lemonldap-ng: ignored (reached end-of-life)
lucid_lemonldap-ng: ignored (reached end-of-life)
oneiric_lemonldap-ng: ignored (reached end-of-life)
precise_lemonldap-ng: ignored (reached end-of-life)
precise/esm_lemonldap-ng: DNE (precise was needed)
quantal_lemonldap-ng: ignored (reached end-of-life)
raring_lemonldap-ng: ignored (reached end-of-life)
saucy_lemonldap-ng: not-affected (1.2.4-2)
trusty_lemonldap-ng: not-affected (1.2.5-1)
trusty/esm_lemonldap-ng: DNE (trusty was not-affected [1.2.5-1])
utopic_lemonldap-ng: not-affected (1.2.5-1)
vivid_lemonldap-ng: not-affected (1.2.5-1)
vivid/stable-phone-overlay_lemonldap-ng: DNE
vivid/ubuntu-core_lemonldap-ng: DNE
wily_lemonldap-ng: not-affected (1.2.5-1)
xenial_lemonldap-ng: not-affected (1.2.5-1)
yakkety_lemonldap-ng: not-affected (1.2.5-1)
zesty_lemonldap-ng: not-affected (1.2.5-1)
devel_lemonldap-ng: not-affected (1.2.5-1)