[Petter Reinholdtsen]
> [Petter Reinholdtsen]
>> These are the changelog entries since the version currently in
>> testing:
>
> Since my first request for a freeze exception, a serious security
> issue was discovered and fixed. I just uploaded the fix. This is the
> changelog:
>
> sssd (1.2.1-4) unstable; urgency=low
>
>   * Add patch from Stephen Gallagher to ensure LDAP authentication
>     never accept a zero length password (Closes: #594413). Solves
>     CVE-2010-2940.
>
>  -- Petter Reinholdtsen <[email protected]>  Wed, 25 Aug 2010 22:33:40 +0200
>
> JFYI.

Any news on this freeze exception request? I believe the sssd package in squeeze is unreleasable with bug #594413 in place, so it would be very nice if a fix would make it into squeeze soon.

The fix was uploaded to unstable 4 days ago, with, I admit, wrong urgency low instead of high, and it would be nice if those using sssd with LDAP authentication in Squeeze can get their security back soon. :)

Luckily there are very few users of sssd according to popcon.debian.org. :)

Happy hacking,
--
Petter Reinholdtsen

