Your message dated Mon, 14 Sep 2015 13:35:57 +0000
with message-id <[email protected]>
and subject line Bug#798622: fixed in openldap 2.4.23-7.3+deb6u2
has caused the Debian Bug report #798622,
regarding openldap: CVE-2015-6908: ber_get_next denial of service vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798622: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798622
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openldap
Version: 2.4.31-2
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240
Hi
See http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240 . A
patch is available at
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.23-7.3+deb6u2
We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 11 Sep 2015 08:28:34 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source i386
Version: 2.4.23-7.3+deb6u2
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd - OpenLDAP server (slapd)
 slapd-dbg - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 798622
Changes:
 openldap (2.4.23-7.3+deb6u2) squeeze-lts; urgency=high
 .
   * Import upstream patch to remove an unnecessary assert(0) that could be
     triggered remotely by an unauthenticated user by sending a malformed BER
     element. (ITS#8240) (CVE-2015-6908) (Closes: #798622)
--- End Message ---