Re: LTS update for openldap?
Am 16.08.19 um 01:53 schrieb Ryan Tandy: > On Wed, Aug 14, 2019 at 10:13:06PM +0200, Markus Koschany wrote: >> Thank you for preparing an update for openldap in Jessie. I will take >> care of all necessary paper work and upload the package for you. > > Great. Thank you! I uploaded the package to mentors.d.n, so the source > package is available at: > > https://mentors.debian.net/debian/pool/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5.dsc > > >> Can you send some instructions to the list how I can verify the patches? > > I have attached test scripts for verifying all three issues. Let me know > if I can explain or clarify anything about how they work. Thank you very much. I have uploaded openldap 2.4.40+dfsg-1+deb8u5 to Jessie and announced it as DLA-1891-1. Regards, Markus signature.asc Description: OpenPGP digital signature
Re: LTS update for openldap?
On Wed, Aug 14, 2019 at 10:13:06PM +0200, Markus Koschany wrote: Thank you for preparing an update for openldap in Jessie. I will take care of all necessary paper work and upload the package for you. Great. Thank you! I uploaded the package to mentors.d.n, so the source package is available at: https://mentors.debian.net/debian/pool/main/o/openldap/openldap_2.4.40+dfsg-1+deb8u5.dsc Can you send some instructions to the list how I can verify the patches? I have attached test scripts for verifying all three issues. Let me know if I can explain or clarify anything about how they work. thanks, Ryan test-its8964.sh Description: Bourne shell script test-its9038.sh Description: Bourne shell script test-its9052.sh Description: Bourne shell script
Re: LTS update for openldap?
Hello Ryan, Am 14.08.19 um 21:36 schrieb Ryan Tandy: > Dear LTS team, > > I propose updating openldap in jessie to fix two no-DSA CVEs and one > additional important bug. The same changes have been accepted for the > next point releases of buster (#934507) and stretch (#934508). > > The issues all affect specific, mostly uncommon, slapd configurations, > which is why they were considered not urgent enough for a DSA. > > I have built and tested the package in a jessie chroot. If you would > like to verify the fixes yourselves, I can provide testing instructions > and scripts for the individual issues. > > If you agree with the changes, I would appreciate if someone would > handle the LTS paperwork for me, and sponsor the upload (if needed -- I > am a DM). Thank you for preparing an update for openldap in Jessie. I will take care of all necessary paper work and upload the package for you. Can you send some instructions to the list how I can verify the patches? [...] > Also, could you please add openldap to the lts-do-call-me list? Done. Regards, Markus signature.asc Description: OpenPGP digital signature
