Your message dated Wed, 22 Aug 2018 22:04:09 +0000
with message-id <[email protected]>
and subject line Bug#906985: fixed in 389-ds-base 1.4.0.15-1
has caused the Debian Bug report #906985,
regarding 389-ds-base: CVE-2018-10935: ldapsearch with server side sort allows
users to cause a crash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
906985: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906985
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: 389-ds-base
Version: 1.3.8.2-1
Severity: important
Tags: security upstream
Forwarded: https://pagure.io/389-ds-base/issue/49890
Hi,
The following vulnerability was published for 389-ds-base.
CVE-2018-10935[0]:
ldapsearch with server side sort allows users to cause a crash
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10935
[1] https://pagure.io/389-ds-base/issue/49890
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: 389-ds-base
Source-Version: 1.4.0.15-1
We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated 389-ds-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 23 Aug 2018 00:46:45 +0300
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base python3-lib389
python3-dirsrvtests cockpit-389-ds
Architecture: source
Version: 1.4.0.15-1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Description:
389-ds - 389 Directory Server suite - metapackage
389-ds-base - 389 Directory Server suite - server
389-ds-base-dev - 389 Directory Server suite - development files
389-ds-base-libs - 389 Directory Server suite - libraries
cockpit-389-ds - Cockpit user interface for 389 Directory Server
python3-dirsrvtests - Python3 module for 389 Directory Server Continuous
Integration te
python3-lib389 - Python3 module for accessing and configuring the 389
Directory Se
Closes: 906985
Changes:
389-ds-base (1.4.0.15-1) unstable; urgency=medium
.
* New upstream release
- CVE-2018-10935 (Closes: #906985)
* control: Add libcrack2-dev to build-depends.
Checksums-Sha1:
764a87da8161c433c5828ebe552b752e27f951ba 2802 389-ds-base_1.4.0.15-1.dsc
7909d06dab6a60b303d0c6091634e50aaa223eff 5667207
389-ds-base_1.4.0.15.orig.tar.bz2
403a3f99fe60595597c15888c57636c9fc210228 443524
389-ds-base_1.4.0.15-1.debian.tar.xz
f415877e552dff0f9210d22402fa28dabec94935 6865
389-ds-base_1.4.0.15-1_source.buildinfo
Checksums-Sha256:
239bc9cde795675a2a8863fbd0b10c8ff99a6c818684abf47a933861e5754de2 2802
389-ds-base_1.4.0.15-1.dsc
0989fdf59de8f7a22fd5f0d77cb5f5f6fc82d8a57cac272be7fcae40fb5150ae 5667207
389-ds-base_1.4.0.15.orig.tar.bz2
164ac352752f36fda53501b71c65b572702237c296f2113d70deaed39f6e6653 443524
389-ds-base_1.4.0.15-1.debian.tar.xz
3979764b289d066ac1a523c0498652cb362a9ed46ce2b419625a5405128119ed 6865
389-ds-base_1.4.0.15-1_source.buildinfo
Files:
634d27c024d0198193be6e77afc7a3fb 2802 net optional 389-ds-base_1.4.0.15-1.dsc
09d9dfc6d72dd45031599e73a12301c1 5667207 net optional
389-ds-base_1.4.0.15.orig.tar.bz2
c81ddd448e7834410d5efb2c933fb624 443524 net optional
389-ds-base_1.4.0.15-1.debian.tar.xz
61143474b4e720f3a8aa7c7a4e943a31 6865 net optional
389-ds-base_1.4.0.15-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAlt92dYACgkQy3AxZaiJ
hNxkRxAAgzesf5x9s3axdt5XpN41MhH/WlvzWXw76M/Hv/aTUrT0Gg6UqV9b9kiO
ZSeMg6HFWHi6Ad6QXR6FbOKqVVzfHnIq1y3FotxFrRutF6iHkhEvH5Zan/KpsXEI
7HIbb42r+j03HdDpfkcZV6Rlm9ASAZTs8+nqaVw1AcQH5uazqfXpb8I/xgV5NL9j
IdzL7/wOz5wYY+sB5sZ7drNT3CQRN0XzD+5wwTiq1lJTlpWgZG6dH4JbVFSm8nrr
QYga9Ndo8um9sU6J7kmgJXypozOXZXQaHUvnehL1uFqY/eIXYzegQRhCcNzDE3GR
oemfE5KLivFkRm9mopj6+O+8fDSymQmW3q9esUF4adCTyP8pb5l11Llxp7eWPvhS
ZEzD26Gp/6mXgWNQvUuYyVfhG2QUBjnz9m7xtw4FAGd+UNLzJPeRGghz4vgOfWP6
ISbiHefjhNUH4grvD5FDeaxPRmJ5ROCz7+rKRLWYDYe6a9JbNSssb+q9v27h0tig
hcw+ZLeNAplQcjjRbMygxZbToZyH3dJvou38+0NTFcyvHhiHhhSghAjZF5M5bML2
M+vDzI46Pq4dE6nFg4rPeS/sc3OL4NKgGW0ip/yVosvGKT3AH1vowbU2D3FzdtDX
1b34tz+zoUyblrHv1crListMN8zv8cq148Kv8UzuYMyZbARGmrA=
=RlWs
-----END PGP SIGNATURE-----
--- End Message ---
