Bug#898138: marked as done (389-ds-base: CVE-2018-1089)

Fri, 01 Jun 2018 21:57:34 -0700 

Your message dated Sat, 2 Jun 2018 07:53:46 +0300
with message-id <93b3bd78-32d3-0d16-7e1c-a125057e0...@debian.org>
and subject line Re: [Pkg-freeipa-devel] Bug#898138: 389-ds-base: CVE-2018-1089
has caused the Debian Bug report #898138,
regarding 389-ds-base: CVE-2018-1089
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
898138: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898138
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: 389-ds-base
Version: 1.3.7.10-1
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

The following vulnerability was published for 389-ds-base.

CVE-2018-1089[0]:
unauthenticated ns-slapd crash via largefilter value in ldapsearch

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1089
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089
[1] http://www.openwall.com/lists/oss-security/2018/05/07/2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
fixed 898138 1.3.8.2-1
thanks

On 07.05.2018 22:47, Salvatore Bonaccorso wrote:
> Source: 389-ds-base
> Version: 1.3.7.10-1
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> The following vulnerability was published for 389-ds-base.
> 
> CVE-2018-1089[0]:
> unauthenticated ns-slapd crash via largefilter value in ldapsearch
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2018-1089
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1089
> [1] http://www.openwall.com/lists/oss-security/2018/05/07/2
> 
> Please adjust the affected versions in the BTS as needed.

This was fixed upstream in 1.3.8.1 and I uploaded 1.3.8.2-1 yesterday
and didn't notice this bug until now..


-- 
t

--- End Message ---

Reply via email to