Your message dated Wed, 14 Aug 2019 18:47:16 +0000 with message-id <e1hxyim-0005fx...@fasolo.debian.org> and subject line Bug#932997: fixed in openldap 2.4.47+dfsg-3+deb10u1 has caused the Debian Bug report #932997, regarding openldap: CVE-2019-13057 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 932997: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932997 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: openldap Version: 2.4.47+dfsg-3 Severity: important Tags: security upstream Forwarded: https://openldap.org/its/?findid=9038 Hi, The following vulnerability was published for openldap, this is for tracking, as the issue is already know to the maintainers. CVE-2019-13057[0]: openldap: rootdn of any db can assert any identity If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13057 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13057 [1] https://openldap.org/its/?findid=9038 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: openldap Source-Version: 2.4.47+dfsg-3+deb10u1 We believe that the bug you reported is fixed in the latest version of openldap, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 932...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ryan Tandy <r...@nardis.ca> (supplier of updated openldap package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 10 Aug 2019 11:58:18 -0700 Source: openldap Architecture: source Version: 2.4.47+dfsg-3+deb10u1 Distribution: buster Urgency: medium Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-de...@lists.alioth.debian.org> Changed-By: Ryan Tandy <r...@nardis.ca> Closes: 932997 932998 934277 Changes: openldap (2.4.47+dfsg-3+deb10u1) buster; urgency=medium . * Fix slapd to restrict rootDN proxyauthz to its own databases (CVE-2019-13057) (ITS#9038) (Closes: #932997) * Fix slapd to enforce sasl_ssf ACL statement on every connection (CVE-2019-13565) (ITS#9052) (Closes: #932998) * Fix slapo-rwm to not free original filter when rewritten filter is invalid (ITS#8964) (Closes: #934277, LP: #1838370) Checksums-Sha1: 930ed0e45ad3fb7501f8f1e783262d998915e9aa 2888 openldap_2.4.47+dfsg-3+deb10u1.dsc 35d41fb8212500946890eb4dd58de88d9689fb8e 167928 openldap_2.4.47+dfsg-3+deb10u1.debian.tar.xz Checksums-Sha256: ff503d526d22d0301ff34b0009023d00419e7744a3d7a9048cad07698e94b1bf 2888 openldap_2.4.47+dfsg-3+deb10u1.dsc 9dbde8632c9eb32f6282f0b37e9849a5a3a8d69b8bd9571d215230923ec5607d 167928 openldap_2.4.47+dfsg-3+deb10u1.debian.tar.xz Files: cb51898fef515807c05c062020521fee 2888 net optional openldap_2.4.47+dfsg-3+deb10u1.dsc 94d8b0a91f59388a48d69be5b2521e9a 167928 net optional openldap_2.4.47+dfsg-3+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJDBAEBCgAtFiEEPSfh0nqdQTd5kOFlIp/PEvXWa7YFAl1TGPYPHHJ5YW5AbmFy ZGlzLmNhAAoJECKfzxL11mu2ue0P/2T/Gpw9bbPAhMPxbR+7g+gn5G7eznGbiQri 6lLnwYSglnXpuNZcMdJiz7BG4oWAtH10T3lA7cjFIW5DTrQyzCTuEkXjcsefqJVP d8m+sSk2neamwD/FJ+M6o5IHJeWZL6drA4XQJqcpe/0ymmY0VXQzzn/OD18F3WPF sAWLjYh7YiLXVC9PsfdsBk5sId/0xQqY/lwm3ik52GaQUK2mZ5J75xgpdfv6ozF5 gJeF/a90QcN55V50ASF0FF2cHS7g1iMvOQ6D1oP9H/39qJOB7YcXpuAmvT/YgFnL BzxJqkDt3FzCNgzA7inPsyTkspDY38x9o+4fMNaXRsfyiKDFfivwijnIDQS2PWeO CjwJQlZePF44YzfzHtqGaM5dFH5FKyiINQaJgxbHObIFq9LhC2Vyh9FJTmF3JFY6 0iRr5j5lp+tODXvzEl+Lls+5CNASrIMDkKPQng+R+kySOtDU1LarV6a/Zca2fq/l j9eYyJghtGserQ4xA1J7Gv/Aa6Eqx8Ox55BL8sQrf/4adgj1UbFH8dxZZ2QYfO7z Amj2H8ZQAQDdmoaXVnDSO/Z5Pz4sJurrxLM54SJLxTpgtihzUkuNb7P3qb/33dhm /KEOX3IhTzxDxgUju8CRsJbCPbyFVjL2tLx8PPqwImQpO0JrKlUBIrcpRZT13BIL hCjGvSEs =PXmc -----END PGP SIGNATURE-----
--- End Message ---
