Your message dated Sat, 16 May 2026 10:23:16 +0000
with message-id <[email protected]>
and subject line Released with 13.5
has caused the Debian Bug report #1135820,
regarding trixie-pu: package 389-ds-base/3.1.2+dfsg1-1+deb13u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135820: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135820
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie moreinfo
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:389-ds-base
User: [email protected]
Usertags: pu

  * Fix CVE-2025-14905. (Closes: #1130910)

Tagged moreinfo, as question to the security team whether they want
this in pu or as DSA.
diffstat for 389-ds-base-3.1.2+dfsg1 389-ds-base-3.1.2+dfsg1

 changelog                                          |    9 ++
 patches/0001-Security-fix-for-CVE-2025-14905.patch |   93 +++++++++++++++++++++
 patches/series                                     |    1 
 3 files changed, 103 insertions(+)

diff -Nru 389-ds-base-3.1.2+dfsg1/debian/changelog 
389-ds-base-3.1.2+dfsg1/debian/changelog
--- 389-ds-base-3.1.2+dfsg1/debian/changelog    2025-04-10 14:06:13.000000000 
+0300
+++ 389-ds-base-3.1.2+dfsg1/debian/changelog    2026-05-05 10:09:43.000000000 
+0300
@@ -1,3 +1,12 @@
+389-ds-base (3.1.2+dfsg1-1.1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+
+  [ Timo Aaltonen ]
+  * patches: Fix CVE-2025-14905. (Closes: #1130910)
+
+ -- Adrian Bunk <[email protected]>  Tue, 05 May 2026 10:09:43 +0300
+
 389-ds-base (3.1.2+dfsg1-1) unstable; urgency=medium
 
   * New upstream release.
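Review bot: The new top entry in debian/changelog is versioned 3.1.2+dfsg1-1.1, while the subject of this request names the upload as 389-ds-base/3.1.2+dfsg1-1+deb13u1; the two need to agree before the upload is accepted. Since the entry's distribution is trixie, the +deb13u1 form from the subject is the usual stable-update version, so I would change the changelog entry rather than the subject.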
diff -Nru 
389-ds-base-3.1.2+dfsg1/debian/patches/0001-Security-fix-for-CVE-2025-14905.patch
 
389-ds-base-3.1.2+dfsg1/debian/patches/0001-Security-fix-for-CVE-2025-14905.patch
--- 
389-ds-base-3.1.2+dfsg1/debian/patches/0001-Security-fix-for-CVE-2025-14905.patch
   1970-01-01 02:00:00.000000000 +0200
+++ 
389-ds-base-3.1.2+dfsg1/debian/patches/0001-Security-fix-for-CVE-2025-14905.patch
   2026-05-05 10:08:45.000000000 +0300
@@ -0,0 +1,93 @@
+From e2562f5894dd05a3b062e7820f471f2f8e12b85d Mon Sep 17 00:00:00 2001
+From: tbordaz <[email protected]>
+Date: Wed, 25 Feb 2026 14:06:42 +0100
+Subject: [PATCH] Security fix for CVE-2025-14905
+
+Description:
+       A vulnerability was found in the 389 Directory Server.
+       The 389 Directory Server present a risk of heap buffer overflow that
+       can be exploited to excute a Denial of Service and potential Remote
+       Code Execution
+
+References:
+    - https://access.redhat.com/security/cve/CVE-2025-14905
+    - https://bugzilla.redhat.com/show_bug.cgi?id=2423624
+---
+ ldap/servers/slapd/schema.c | 47 ++++++++++++++++++++++++++++++-------
+ 1 file changed, 38 insertions(+), 9 deletions(-)
+
+diff --git a/ldap/servers/slapd/schema.c b/ldap/servers/slapd/schema.c
+index 9ef4ee4bf..7712a720d 100644
+--- a/ldap/servers/slapd/schema.c
++++ b/ldap/servers/slapd/schema.c
+@@ -1410,6 +1410,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void 
*arg)
+     const char *attr_desc, *syntaxoid;
+     char *outp, syntaxlengthbuf[128];
+     int i;
++    int nb_aliases = 0;
+ 
+     vals[0] = &val;
+ 
+@@ -1435,6 +1436,7 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, void 
*arg)
+     if (asip->asi_aliases != NULL) {
+         for (i = 0; asip->asi_aliases[i] != NULL; ++i) {
+             aliaslen += strlen(asip->asi_aliases[i]);
++            nb_aliases++;
+         }
+     }
+ 
+@@ -1452,15 +1454,42 @@ schema_attr_enum_callback(struct asyntaxinfo *asip, 
void *arg)
+      * XXX: 256 is a magic number... it must be big enough to account for
+      * all of the fixed sized items we output.
+      */
+-    sizedbuffer_allocate(aew->psbAttrTypes, 256 + strlen(asip->asi_oid) +
+-                                                strlen(asip->asi_name) +
+-                                                aliaslen + 
strlen_null_ok(attr_desc) +
+-                                                strlen(syntaxoid) +
+-                                                
strlen_null_ok(asip->asi_superior) +
+-                                                
strlen_null_ok(asip->asi_mr_equality) +
+-                                                
strlen_null_ok(asip->asi_mr_ordering) +
+-                                                
strlen_null_ok(asip->asi_mr_substring) +
+-                                                strcat_extensions(NULL, 
asip->asi_extensions));
++    {
++        int asi_oid_strlen = strlen(asip->asi_oid) + 8;      /* "( %s NAME " 
*/
++        int asi_name_strlen = strlen(asip->asi_name) + 6;    /* "( '%s' ...)" 
*/
++        int asi_aliases_strlen = aliaslen + nb_aliases * 3;  /* "'%s' " */
++        int asi_desc_strlen = strlen_null_ok(attr_desc) + 7; /* "DESC '%s'" */
++        int asi_syntaxoid_strlen = strlen("SYNTAX ") + strlen(syntaxoid) + 
strlen(syntaxlengthbuf);
++        int asi_superior_strlen = strlen("SUP ") + 
strlen_null_ok(asip->asi_superior);
++        int asi_mr_equality_strlen = strlen("EQUALITY ") + 
strlen_null_ok(asip->asi_mr_equality);
++        int asi_mr_ordering_strlen = strlen("ORDERING ") + 
strlen_null_ok(asip->asi_mr_ordering);
++        int asi_mr_substring_strlen = strlen("SUBSTR ") + 
strlen_null_ok(asip->asi_mr_substring);
++        int asi_flags_strlen = strlen("SINGLE-VALUE ") +
++                               strlen(schema_obsolete_with_spaces) +
++                               strlen(schema_collective_with_spaces) +
++                               strlen(schema_nousermod_with_spaces) +
++                               strlen("USAGE distributedOperation ") +
++                               strlen("USAGE dSAOperation ") +
++                               strlen("USAGE directoryOperation ");
++        int asi_extension_strlen = strcat_extensions(NULL, 
asip->asi_extensions);
++
++        if (aew->enquote_sup_oc) {
++            /* it enquote the syntax oid */
++            asi_syntaxoid_strlen += 2;
++        }
++
++    sizedbuffer_allocate(aew->psbAttrTypes, 256 + asi_oid_strlen +
++                                                  asi_name_strlen +
++                                                  asi_aliases_strlen +
++                                                  asi_desc_strlen +
++                                                  asi_syntaxoid_strlen +
++                                                  asi_superior_strlen +
++                                                  asi_mr_equality_strlen +
++                                                  asi_mr_ordering_strlen +
++                                                  asi_mr_substring_strlen +
++                                                  asi_extension_strlen +
++                                                  asi_flags_strlen);
++    }
+ 
+     /*
+      * Overall strategy is to maintain a pointer to the next location in
+-- 
+2.53.0
+
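Review bot: In the new braces before sizedbuffer_allocate() in schema_attr_enum_callback, every size term is declared int but assigned from strlen(), and the per-field constants (+ 8, + 6, nb_aliases * 3, + 7) are hand-counted copies of format strings that are written elsewhere in the function, so the bound can drift away from the writer again. I would declare the terms as size_t and update the retained "XXX: 256 is a magic number" comment to say what the remaining 256 is meant to cover now that the fixed-size items are counted explicitly. Smaller points: the sizedbuffer_allocate( call is indented one level less than the declarations inside the same braces; the comment "it enquote the syntax oid" should read "it enquotes"; asi_syntaxoid_strlen relies on syntaxlengthbuf already holding a terminated string at this point, which is worth confirming because only its declaration is visible in these hunks; and the diffstat lists schema.c as the only file changed, so a regression test that compares the computed size with the length actually written would be a useful addition.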
diff -Nru 389-ds-base-3.1.2+dfsg1/debian/patches/series 
389-ds-base-3.1.2+dfsg1/debian/patches/series
--- 389-ds-base-3.1.2+dfsg1/debian/patches/series       2025-04-10 
13:56:01.000000000 +0300
+++ 389-ds-base-3.1.2+dfsg1/debian/patches/series       2026-05-05 
10:08:58.000000000 +0300
@@ -3,3 +3,4 @@
 allow-newer-crates.diff
 base64.diff
 0001-Security-fix-for-CVE-2025-2487.patch
+0001-Security-fix-for-CVE-2025-14905.patch
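Review bot: The added series entry 0001-Security-fix-for-CVE-2025-14905.patch reuses the 0001- prefix already carried by 0001-Security-fix-for-CVE-2025-2487.patch on the line above it. The patches apply in series order, so this works, but the number no longer conveys anything; consider dropping the git format-patch prefix so the file is named after the CVE only.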

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 13.5

This update has been released as part of Debian 13.5.

--- End Message ---
