Your message dated Mon, 18 Oct 2021 16:48:37 +0000
with message-id <[email protected]>
and subject line Bug#991405: fixed in 389-ds-base 1.4.4.17-1
has caused the Debian Bug report #991405,
regarding 389-ds-base: CVE-2021-3652
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
991405: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: 389-ds-base
Version: 1.4.4.11-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/389ds/389-ds-base/issues/4817
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for 389-ds-base.

CVE-2021-3652[0]:
| CRYPT password hash with asterisk allows any bind attempt to succeed

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3652
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652
[1] https://github.com/389ds/389-ds-base/issues/4817

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: 389-ds-base
Source-Version: 1.4.4.17-1
Done: Timo Aaltonen <[email protected]>

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <[email protected]> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Oct 2021 18:36:30 +0300
Source: 389-ds-base
Built-For-Profiles: noudeb
Architecture: source
Version: 1.4.4.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <[email protected]>
Changed-By: Timo Aaltonen <[email protected]>
Closes: 991405 992696
Changes:
 389-ds-base (1.4.4.17-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2021-3652 (Closes: #991405)
   * tests: Add isolation-container to restrictions.
   * Add a dependency to libjemalloc2, and add a symlink to it so the
     preload works. (Closes: #992696)
   * CVE-2017-15135.patch: Dropped, fixed by upstream issue #4817.


--- End Message ---
