Your message dated Mon, 05 Feb 2018 15:21:00 +0000 with message-id <e1eiizo-0005ea...@fasolo.debian.org> and subject line Bug#888452: fixed in 389-ds-base 1.3.7.9-1 has caused the Debian Bug report #888452, regarding 389-ds-base: CVE-2017-15134: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 888452: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888452 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: 389-ds-base Version: 1.3.7.8-4 Severity: grave Tags: patch security upstream Hi, the following vulnerability was published for 389-ds-base. CVE-2017-15134[0]: Remote DoS via search filters in slapi_filter_sprintf in slapd/util.c If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-15134 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15134 [1] https://bugzilla.redhat.com/show_bug.cgi?id=1531573 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: 389-ds-base Source-Version: 1.3.7.9-1 We believe that the bug you reported is fixed in the latest version of 389-ds-base, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 888...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 05 Feb 2018 16:25:09 +0200 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base python3-lib389 python3-dirsrvtests Architecture: source Version: 1.3.7.9-1 Distribution: unstable Urgency: medium Maintainer: Debian 389ds Team <pkg-fedora-ds-maintain...@lists.alioth.debian.org> Changed-By: Timo Aaltonen <tjaal...@debian.org> Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries python3-dirsrvtests - Python3 module for 389 Directory Server Continuous Integration te python3-lib389 - Python3 module for accessing and configuring the 389 Directory Se Closes: 888451 888452 Changes: 389-ds-base (1.3.7.9-1) unstable; urgency=medium . * New upstream release. - CVE-2017-15134 (Closes: #888452) * patches: Fix CVE-2017-15135. (Closes: #888451) * tests: Add some debug output. Checksums-Sha1: d6057d4029733987b58726d2086437d6612f2ece 2737 389-ds-base_1.3.7.9-1.dsc a3b49138c588c8389e547622ea62fa77e7f0005b 3573617 389-ds-base_1.3.7.9.orig.tar.bz2 efbccfd6e1b62487cfbde401335f08402e68bbb6 23664 389-ds-base_1.3.7.9-1.debian.tar.xz Checksums-Sha256: 744149e318639702c9d55b6167901a72d0bb81904b1d7a3de60afbd0d097106f 2737 389-ds-base_1.3.7.9-1.dsc fe9e7bee67ff6ce8b41d7e7c74dae79bd69711bcb488fe8c226e218357331e37 3573617 389-ds-base_1.3.7.9.orig.tar.bz2 7dcce3f6c1be57cb16f839cd60f2c61f3daa133e33e0e178a3643f23cf383198 23664 389-ds-base_1.3.7.9-1.debian.tar.xz Files: e7bd5b53d457f0c8067b9a316ac653e0 2737 net optional 389-ds-base_1.3.7.9-1.dsc 1f40ad0aec80cc2b084a2914d2dd6370 3573617 net optional 389-ds-base_1.3.7.9.orig.tar.bz2 50979bbacef1c4705e2a93584cf9177e 23664 net optional 389-ds-base_1.3.7.9-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJaeGpRAAoJEMtwMWWoiYTcS7gP/jfcYJZcOxm95mEy03tQd+v8 wmSR2+vWQbHz+8Vl3HZZtepB1lDKu0YdvYKVGtJxdSNcZ3FSzhZT+rXrEb4cqWue MYD1Y2njzK7GWrOXIE8Lx/wC4vFhzdsApxX0FVgpsW6HPGdB0ebG06c9gx1aK/Ol nB+6WjgNOCp1FlqiypNhjzhDMKuLz9/hpNSL5VNVRXTeVdB8Lw9/0K47XMEKpYY6 9YnfnT1LgynPJHBanwPwUdK3NeEtpDgjKADAlfy7ozLndVA7ka2BjKYXZ7zBFHCt YxQOBI6fp5QpiYjo7M5XTYxCobeQdmt9GhNajVrPvI9xFKEZJVqoYwEphsMvjEJZ m4C5Ih646c9A6yA7HeZx54lpdUbAMwrb8DcMRS7lgAqwIEHQdgTt+ubPSyCfMy3c nWlyBkYxTui/AL+i+lo7UooNGGbosQCsO7n+q2g3T0+MIAzV0gCEhEGvptLrIjjW yWDJGp1j7Nl22A82/3bsYnUK/a5jhmJvaCdiivFr6QnVcrfRtXZY6CBErMlYbyEv 6+UoIHCOtkYjdJZRj6XaRdh9GYa7M0v2yrh0v5facqzfmoxcHTn59TYIT4vNtNZv gCjCDKIijY28Om8niltDbOiw+OlNi2jjZG2N2MInw87fdrCGCi0rKk++RyOi/4Yl 2owN6Q/ctz1EGP90E92Q =f6bA -----END PGP SIGNATURE-----
--- End Message ---
