Your message dated Mon, 19 Jan 2026 10:08:14 +0000
with message-id <[email protected]>
and subject line Bug#1117859: fixed in python-ldap 3.4.5-1
has caused the Debian Bug report #1117859,
regarding python-ldap: CVE-2025-61912
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1117859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117859
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: python-ldap
Version: 3.4.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for python-ldap.
CVE-2025-61912[0]:
| python-ldap is a lightweight directory access protocol (LDAP) client
| API for Python. In versions prior to 3.4.5,
| ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a
| backslash followed by a literal NUL byte instead of the RFC-4514 hex
| form \00. Any application that uses this helper to construct DNs
| from untrusted input can be made to consistently fail before a
| request is sent to the LDAP server (e.g., AD), resulting in a
| client-side denial of service. Version 3.4.5 contains a patch for
| the issue.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-61912
    https://www.cve.org/CVERecord?id=CVE-2025-61912
[1] https://github.com/python-ldap/python-ldap/security/advisories/GHSA-p34h-wq7j-h5v6
[2] https://github.com/python-ldap/python-ldap/commit/9f5b2effbafdf7af0e7064a7aa42d2739d373bd7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
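An added illustration of the escaping defect quoted in the report above (not part of the original messages and not python-ldap's own code): a simplified model of a DN-value escaper in the pre-fix form the CVE text describes and in the RFC 4514 form, plus a regression check that can also be pointed at an installed `ldap.dn.escape_dn_chars`. The helper names and probe strings are assumptions constructed for this example.

```python
# Added example: a model of the behaviour described in CVE-2025-61912,
# not python-ldap's source code. Sample inputs are constructed.

SPECIALS = '"+,;<>='  # escaped with a backslash (RFC 4514, section 2.4)


def _escape(value: str, nul_replacement: str) -> str:
    if not value:
        return value
    out = value.replace("\\", "\\\\")  # backslash first, so later escapes survive
    for ch in SPECIALS:
        out = out.replace(ch, "\\" + ch)
    out = out.replace("\x00", nul_replacement)
    if out[-1] == " ":  # trailing space must be escaped
        out = out[:-1] + "\\ "
    if out[0] in "# ":  # leading '#' or space must be escaped
        out = "\\" + out
    return out


def escape_as_described_pre_fix(value: str) -> str:
    """Backslash followed by a literal NUL byte (the defect)."""
    return _escape(value, "\\\x00")


def escape_rfc4514(value: str) -> str:
    """Backslash followed by the two hex digits 00 (the RFC 4514 form)."""
    return _escape(value, "\\00")


def nul_escaping_is_safe(escaper) -> bool:
    """Regression check: no raw NUL may survive, and the hex form must appear."""
    for probe in ("\x00", "svc\x00acct", "alice\x00"):
        out = escaper(probe)
        if "\x00" in out or "\\00" not in out:
            return False
    return True


if __name__ == "__main__":
    print("model, pre-fix :", nul_escaping_is_safe(escape_as_described_pre_fix))
    print("model, RFC 4514:", nul_escaping_is_safe(escape_rfc4514))
    try:  # check the installed library, if any
        from ldap.dn import escape_dn_chars
        print("installed python-ldap:", nul_escaping_is_safe(escape_dn_chars))
    except ImportError:
        print("python-ldap not installed; only the model was checked")
```

Run as a script on a host to see whether its installed python-ldap passes the same check; the check fits equally well as a unit test in an application that builds DNs from user input.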
--- Begin Message ---
Source: python-ldap
Source-Version: 3.4.5-1
Done: Michael Fladischer <[email protected]>
We believe that the bug you reported is fixed in the latest version of
python-ldap, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Fladischer <[email protected]> (supplier of updated python-ldap package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Mon, 19 Jan 2026 09:11:29 +0000
Source: python-ldap
Architecture: source
Version: 3.4.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Python Team <[email protected]>
Changed-By: Michael Fladischer <[email protected]>
Closes: 1117858 1117859
Changes:
 python-ldap (3.4.5-1) unstable; urgency=medium
 .
   * New upstream version 3.4.5
   * Fixes sanitization bypass in ldap.filter.escape_filter_chars
     (CVE-2025-61911) (Closes: #1117858).
   * Fixes vulnerability to Improper Encoding or Escaping of Output and
     Improper Null Termination (CVE-2025-61912) (Closes: #1117859).
   * Build using pybuild-plugin-pyproject.
   * Drop python3-all-dbg from Build-Depends, unused.
   * Update information on availability of GNU GPL.
   * Use uscan version 5.
   * Use execute_before_ instead of override_ for running sphinxdoc.
   * Build using dh-sequence-sphinxdoc.
   * Drop python3-ldap-dbg.
   * Use $(CURDIR) in d/rules.
   * Run wrap-and-sort -bast to reduce diff size of future changes.
--- End Message ---