Your message dated Mon, 09 Feb 2015 21:22:23 +0000
with message-id <[email protected]>
and subject line Bug#776991: fixed in openldap 2.4.40-4
has caused the Debian Bug report #776991,
regarding openldap: CVE-2015-1546: crash in valueReturnFilter cleanup
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
776991: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776991
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slapd
Version: 2.4.40-3
Severity: important
Tags: upstream
Control: forwarded -1 http://www.openldap.org/its/?findid=8046
Bill MacAllister discovered that certain queries cause slapd to crash
while freeing operation controls. Details to follow.
This is a 2.4.40 regression. Earlier releases are not affected.
--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.40-4
We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 08 Feb 2015 20:19:11 +0000
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg
libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.40-4
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers
<[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Description:
ldap-utils - OpenLDAP utilities
libldap-2.4-2 - OpenLDAP libraries
libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
libldap2-dev - OpenLDAP development libraries
slapd - OpenLDAP server (slapd)
slapd-dbg - Debugging information for the OpenLDAP server (slapd)
slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 776988 776991
Changes:
openldap (2.4.40-4) unstable; urgency=medium
.
* debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
patch to fix a crash when a search includes the Deref control with an
empty attribute list. (ITS#8027) (CVE-2015-1545, Closes: #776988)
* debian/patches/ITS8046-fix-vrFilter_free-crash.patch: Import upstream
patch to fix a double free triggered by certain search queries using the
Matched Values control. (ITS#8046) (CVE-2015-1546, Closes: #776991)
Checksums-Sha1:
6916d2f8bc6887a28fecad20ab7b6c453fb26b17 2756 openldap_2.4.40-4.dsc
da5218904f2f5e221143e42b69938c039e0d1515 177329 openldap_2.4.40-4.diff.gz
1b43f58f2890204b23434a7ea19770ab329bf16a 1419858 slapd_2.4.40-4_amd64.deb
d7bfa33906f1fea02e78f75e18be59603497f638 82750
slapd-smbk5pwd_2.4.40-4_amd64.deb
c9a0f3cf0f1ff13423d87d70fa0970f9fd855cfa 187856 ldap-utils_2.4.40-4_amd64.deb
f0636e63420ad391a0185ae1b4a53eeb45b9544a 217322
libldap-2.4-2_2.4.40-4_amd64.deb
21915916c3c65add67ec5fdf7de7b80f290fbdda 441688
libldap-2.4-2-dbg_2.4.40-4_amd64.deb
fad1b3b56d1671ed7c11fdc1bcf7169d53e694b2 323568 libldap2-dev_2.4.40-4_amd64.deb
19c4d3274b94cc8387650c306ab6b9ee916c2233 4902624 slapd-dbg_2.4.40-4_amd64.deb
Checksums-Sha256:
5dcc3b9b7703e341c8878e6dc407ac3956aa314edc8404af8efd1738236e00a5 2756
openldap_2.4.40-4.dsc
3be4cc54cfdcdb8d17fd535bd4a374744bc84c9b4ae843521511683cc7439302 177329
openldap_2.4.40-4.diff.gz
b66b4e92f6cdf4759330234ddb81ad67413f4b8875644682a052afc2e9415abe 1419858
slapd_2.4.40-4_amd64.deb
389e1e6c655aba6707e37a437489784aba753240fcc8120a17c1c59a56f3dfda 82750
slapd-smbk5pwd_2.4.40-4_amd64.deb
d3031cfb280c988f9fa75cf0bcfe66f9f7690617bf61a0f6f42238342e8a3c23 187856
ldap-utils_2.4.40-4_amd64.deb
30cb149047edec729662178925fbf06a6eab6d534527c5ae8de4c5e6950bd304 217322
libldap-2.4-2_2.4.40-4_amd64.deb
7713b0bfabf7c38b807055cbb1835d6c3705c9ff79be0970f0cfdf2f87b1da43 441688
libldap-2.4-2-dbg_2.4.40-4_amd64.deb
9e26e2d23ed7794ae9d6d56dbbf35f1a8e276612f3338b312950027a7bf92198 323568
libldap2-dev_2.4.40-4_amd64.deb
3945b83f2116d9738983adf052282ef12f2d82b42e20c66a70ec76968db09b32 4902624
slapd-dbg_2.4.40-4_amd64.deb
Files:
e82089d8b0454af877cd977019c4e198 2756 net optional openldap_2.4.40-4.dsc
ee2a355182429e1e1a44ed5023066bc2 177329 net optional openldap_2.4.40-4.diff.gz
21a3dbd738dc25f79406b82f3c918d29 1419858 net optional slapd_2.4.40-4_amd64.deb
598e3eed03cd2e3551e86c1037a28c43 82750 net extra
slapd-smbk5pwd_2.4.40-4_amd64.deb
8b1a4599560f5a70f6a5a62dd499d68b 187856 net optional
ldap-utils_2.4.40-4_amd64.deb
cf939f6113367fdae5ab9efa025e7434 217322 libs standard
libldap-2.4-2_2.4.40-4_amd64.deb
2b5c75b5bdfc14e94366315ac8b12701 441688 debug extra
libldap-2.4-2-dbg_2.4.40-4_amd64.deb
2f20eb1930bb2698e1c2106ed06f742d 323568 libdevel extra
libldap2-dev_2.4.40-4_amd64.deb
90bb744295d0b68568f3ad0ef2a565db 4902624 debug extra
slapd-dbg_2.4.40-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJU2RC/AAoJEKmDSiJSB45OqwcQALjHqhyE+2cKByq6HEAlXjCv
ZMT4XhpChsMAKfBi81/9L/yOmFp+8GS180hJvwU5Gvx0Ip8VN4S7aW81Mui1BEGX
b4+AK5EbTLWf5nolo93o2ivXQnDDLP+kd5KJSwbgto99DuSeYxt/YBtZ9KuBqubP
qpuf+1xp7h1X+qI2mG8WfE0s/Yy9K1xPt+NwcbGVPD92Oo9JR/cAtMZqLAAlKU9j
wsXw0ozAiQY8jxMDAsanRzJpDsRA4VQ1cET2l+sTyBFWXtXqD7V1tgF2Uc0U2/zJ
8cB8kSDBJCw4+MqPzigC4q/adqR7wO7eU+qyAJBwZko2uH4VBRqkF40PzjeHdkRB
xcru++8xcFI3t+mm/Jt7EeyLJemj63XByXKMQ4dWG0ZNtfOOMqfERGtxofSF0Nug
mUs01XM/rXMvYtb0Mujh5Z5GmGZB4xW426UE7H00WKxbNRTMLy4fYbdgLbcZ9VIS
651Z/wcg53uv9nALK1mLLFznPez8Zz9pXAxstm7nwzJs0UZQqeUMOc3cXtjw+S+d
2gQxRKzwMOfaDiDtRJ+A/q54YDQ/2et8wVdcGfhzEzAroVfyv26qF64dK8Q1egKP
vMG1MXvMh0bByxuzxDLWEKM2jGjkELe/iohlNgwH0w+8PWXSdh42zxVQEeMpBOu8
n/A3TrWlaW3I54AQUlZ5
=egnU
-----END PGP SIGNATURE-----
--- End Message ---
