Your message dated Sat, 18 Apr 2015 15:19:15 +0000
with message-id <[email protected]>
and subject line Bug#776988: fixed in openldap 2.4.23-7.3+deb6u1
has caused the Debian Bug report #776988,
regarding openldap: CVE-2015-1545: crashes on search with deref control and empty attr list
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
776988: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776988
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slapd
Version: 2.4.40-3
Severity: important
Tags: upstream fixed-upstream
Control: found -1 2.4.31-1+nmu2
Control: found -1 2.4.23-7.3
Control: forwarded -1 http://www.openldap.org/its/?findid=8027

With the deref overlay enabled, ldapsearch with '-E deref=member:' causes slapd to crash.

2.4 patch: 
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=7a5a98577a0481d864ca7fe05b9b32274d4d1fb5

--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.23-7.3+deb6u1

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 17 Apr 2015 18:39:40 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.23-7.3+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 663644 729367 761406 776988
Changes:
 openldap (2.4.23-7.3+deb6u1) squeeze-lts; urgency=high
 .
   * debian/slapd.init.ldif: Disallow modifying one's own entry by default,
     except specific attributes. (CVE-2014-9713) (Closes: #761406)
   * debian/slapd.{config,templates}: On upgrade, if an access rule begins with
     "to * by self write", show a debconf note warning that it should be
     changed.
   * debian/slapd.README.debian: Add information about how to remove "to * by
     self write" from existing ACLs.
   * debian/po/*: Add translations of debconf warning.
   * debian/patches/ITS7723-fix-reference-counting.patch: Import upstream patch
     to fix a crash in the rwm overlay when a search is immediately followed by
     an unbind. (ITS#7723) (CVE-2013-4449) (Closes: #729367)
   * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream
     patch to fix a crash when a search includes the Deref control with an
     empty attribute list. (ITS#8027) (CVE-2015-1545) (Closes: #776988)
   * debian/patches/ITS7143-fix-attr_dup2-when-attrsOnly.patch: Import upstream
     patch to fix a crash when doing an attrsOnly search of a database
     configured with both the rwm and translucent overlays. (ITS#7143)
     (CVE-2012-1164) (Closes: #663644)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---
