XPost: linux.debian.devel.release

This is a multi-part MIME message sent by reportbug.


Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:lemonldap-ng
User: [email protected]
Usertags: pu

[ Reason ]
Lemonldap-NG community published a new LTS version: 2.16.6. The main
changed inported here are:
* Fix sessions tablename when not default
* Fix OpenID-Connect flow when user encountered an error on server side
* Fix Kerberos JavaScript when used with "Choice"
* Improve CORS check
* Fix path_info

[ Impact ]
Some annonying bugs

[ Tests ]
New patches includes tests

[ Risks ]
Low risk, test coverage is good

[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable

Best regards,
Xavier

diff --git a/debian/changelog b/debian/changelog
index a2a7ee804..aededc82a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+lemonldap-ng (2.16.1+ds-deb12u7) bookworm; urgency=medium
+
+ * Fix sessions tablename when not default
+ * Fix OpenID-Connect flow when user encountered an error on server side
+ * Fix Kerberos JavaScript when used with "Choice"
+ * Improve CORS check
+ * Fix path_info
+
+ -- Yadd <[email protected]> Sat, 12 Jul 2025 20:12:21 +0200
+
lemonldap-ng (2.16.1+ds-deb12u6) bookworm-security; urgency=high

* Fix XSS vulnerability in Choice module (Closes: CVE-2025-31510)
diff --git a/debian/patches/fix-bad-table-name.patch b/debian/patches/fix-bad-table-name.patch
new file mode 100644
index 000000000..d49b65114
--- /dev/null
+++ b/debian/patches/fix-bad-table-name.patch
@@ -0,0 +1,20 @@
+Description: fix fixed tablename
+Author: Yadd <[email protected]>
+Origin: upstream, https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/commit/d9db2a6b
+Bug: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/3405 +Forwarded: not-