Your message dated Wed, 14 Aug 2019 18:47:46 +0000
with message-id <e1hxyjg-0005lv...@fasolo.debian.org>
and subject line Bug#932997: fixed in openldap 2.4.44+dfsg-5+deb9u3
has caused the Debian Bug report #932997,
regarding openldap: CVE-2019-13057
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
932997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932997
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: openldap
Version: 2.4.47+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://openldap.org/its/?findid=9038

Hi,

The following vulnerability was published for openldap. This is for
tracking, as the issue is already known to the maintainers.

CVE-2019-13057[0]:
openldap: rootdn of any db can assert any identity

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13057
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057
[1] https://openldap.org/its/?findid=9038

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.44+dfsg-5+deb9u3

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 932...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <r...@nardis.ca> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 10 Aug 2019 12:17:00 -0700
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-common libldap-2.4-2-dbg libldap2-dev slapd-dbg
Architecture: source all
Version: 2.4.44+dfsg-5+deb9u3
Distribution: stretch
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org>
Changed-By: Ryan Tandy <r...@nardis.ca>
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap-common - OpenLDAP common files for libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 932997 932998 934277
Changes:
 openldap (2.4.44+dfsg-5+deb9u3) stretch; urgency=medium
 .
   * Fix slapd to restrict rootDN proxyauthz to its own databases
     (CVE-2019-13057) (ITS#9038) (Closes: #932997)
   * Fix slapd to enforce sasl_ssf ACL statement on every connection
     (CVE-2019-13565) (ITS#9052) (Closes: #932998)
   * Fix slapo-rwm to not free original filter when rewritten filter is invalid
     (ITS#8964) (Closes: #934277, LP: #1838370)


--- End Message ---
