[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-31 Thread Mike Heald
@cody-somerville new bug opened for that at https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1347614 Title: Fix for CVE-2013-0288

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-30 Thread Cody A.W. Somerville
There is a serious bug here that is not introduced in this change but on upgrade nonetheless causes /etc/nslcd.conf to get mangled, creating a situation where one is no longer able to access their server. :(

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-29 Thread Mike Heald
Thanks for your guidance on this. I've attached a new debdiff with the minimal patch. I would have liked to incorporate the poll() changes, but it makes sense to do the minimum to fix this bug for now. Patch was applied from http://arthurdejong.org/git/nss-pam-

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-29 Thread Mike Heald
Resubscribing the security sponsors team.

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-29 Thread Marc Deslauriers
ACK on the debdiff, the package is building now and will be released today. Thanks!

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-29 Thread Launchpad Bug Tracker
This bug was fixed in the package nss-pam-ldapd - 0.8.4ubuntu0.3 --- nss-pam-ldapd (0.8.4ubuntu0.3) precise-security; urgency=low * SECURITY UPDATE: denial of service related to incorrect use of the FD_SET macro. - http://arthurdejong.org/nss-pam-ldapd/CVE-2013-0288 -

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-28 Thread Jamie Strandboge
Thanks for the debdiff! I have a few comments: * debian/changelog does not use 'precise-security' * debian/changelog is too terse. Per https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Update_the_packaging, it should be something like: * SECURITY UPDATE: use poll() instead of select()

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-25 Thread Daniel Holbach
Err, sorry, I meant the security sponsors team.

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-25 Thread Daniel Holbach
Subscribing the sponsors team. Package seems to build fine on precise. Backported patch does not match the upstream fix 100%, needs review.

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-25 Thread Dmitry Shachnev
** Information type changed from Public to Public Security

[Bug 1347614] Re: Fix for CVE-2013-0288 in precise package

2014-07-23 Thread Ubuntu Foundations Team Bug Bot
The attachment "Backported from http://arthurdejong.org/git/nss-pam-ldapd/commit/?id=f266f05f20afe73e89c3946a7bd60bd7c5948e1b" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a