[pkg-go] Bug#876404: Pending fixes for bugs in the golang-github-go-ldap-ldap package
tag 876404 + pending
thanks

Some bugs in the golang-github-go-ldap-ldap package are closed in revision e357b3fd4067f7b070a2031bdf9d3ae91ca00278 in branch 'stretch' by Dr. Tobias Quathamer

The full diff can be seen at https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-go-ldap-ldap.git/commit/?id=e357b3f

Commit message:

    Require explicit intention for empty password.

    This is normally used for unauthenticated bind, and
    https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:

    > Clients SHOULD disallow an empty password input to a Name/Password
    > Authentication user interface

    This is (mostly) a cherry-pick of 95ede12 from upstream. I've removed the bit in ldap_test.go, which is unrelated to the security issue.

    This fixes CVE-2017-14623.

    https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66

    Closes: #876404

___
Pkg-go-maintainers mailing list
Pkg-go-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-go-maintainers
[pkg-go] Bug#876404: Pending fixes for bugs in the golang-github-go-ldap-ldap package
tag 876404 + pending
thanks

Some bugs in the golang-github-go-ldap-ldap package are closed in revision 43d426ab9cbd78d68f72cfb0b57b2188d59649a3 in branch 'master' by Dr. Tobias Quathamer

The full diff can be seen at https://anonscm.debian.org/cgit/pkg-go/packages/golang-github-go-ldap-ldap.git/commit/?id=43d426a

Commit message:

    Require explicit intention for empty password.

    This is normally used for unauthenticated bind, and
    https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:

    > Clients SHOULD disallow an empty password input to a Name/Password
    > Authentication user interface

    This is a cherry-pick of 95ede12 from upstream, which fixes CVE-2017-14623.

    https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66

    Closes: #876404
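
Added example, not part of the messages above and not the go-ldap code: a Go illustration of why the commit requires explicit intent before an empty password is sent in a simple bind. The `directory` type is a constructed stand-in for a server that follows RFC 4513 section 5.1.2, and `bindRequest`, `allowEmptyPassword`, `guardedBind`, `naiveLogin` and `errEmptyPassword` are hypothetical names chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// errEmptyPassword is a hypothetical sentinel error for this example.
var errEmptyPassword = errors.New("ldap: empty password not allowed by the client")

// directory is a constructed stand-in for an LDAP server. Per RFC 4513 5.1.2,
// a simple bind with a name and a zero-length password is an unauthenticated bind.
type directory struct{ passwords map[string]string }

func (d directory) bind(dn, password string) error {
	if password == "" {
		return nil // unauthenticated bind: succeeds, proves nothing about dn
	}
	if want, ok := d.passwords[dn]; ok && want == password {
		return nil
	}
	return errors.New("ldap: invalid credentials")
}

// bindRequest models "explicit intention": an empty password is only sent
// when the caller has set allowEmptyPassword (hypothetical field name).
type bindRequest struct {
	dn, password       string
	allowEmptyPassword bool
}

// naiveLogin treats any successful bind as proof of identity.
func naiveLogin(d directory, dn, password string) bool {
	return d.bind(dn, password) == nil
}

// guardedBind refuses to send an empty password unless explicitly allowed.
func guardedBind(d directory, r bindRequest) error {
	if r.password == "" && !r.allowEmptyPassword {
		return errEmptyPassword
	}
	return d.bind(r.dn, r.password)
}

func main() {
	d := directory{passwords: map[string]string{"uid=alice,dc=example,dc=org": "s3cret"}}
	fmt.Println("naive login, empty password:", naiveLogin(d, "uid=alice,dc=example,dc=org", ""))
	fmt.Println("guarded bind, empty password:", guardedBind(d, bindRequest{dn: "uid=alice,dc=example,dc=org"}))
}
```

An application that uses a successful bind as its login check should reject empty password input before building the bind request, whichever library version is installed.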