Your message dated Sat, 12 Sep 2015 21:17:10 +0000
with message-id <[email protected]>
and subject line Bug#798622: fixed in openldap 2.4.40+dfsg-1+deb8u1
has caused the Debian Bug report #798622,
regarding openldap: CVE-2015-6908: ber_get_next denial of service vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798622
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openldap
Version: 2.4.31-2
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Hi
See http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 . A
patch is available at
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.40+dfsg-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated openldap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Sep 2015 10:30:43 +0200
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source
Version: 2.4.40+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
ldap-utils - OpenLDAP utilities
libldap-2.4-2 - OpenLDAP libraries
libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
libldap2-dev - OpenLDAP development libraries
slapd - OpenLDAP server (slapd)
slapd-dbg - Debugging information for the OpenLDAP server (slapd)
slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 798622
Changes:
openldap (2.4.40+dfsg-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Add ITS8240-remove-obsolete-assert.patch patch.
Import upstream patch to remove an unnecessary assert(0) that could be
triggered remotely by an unauthenticated user by sending a malformed BER
element. (CVE-2015-6908, Closes: #798622)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---