Package: slapd Severity: grave Tags: security, patch Justification: user security hole
Hi The following email came over the public security list: Hi, Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER decoding of openlap and crash the server: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580 cu Ludwig An upstream patch seems to be here: http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0 Please make sure that you upload your package with high urgency or contact us on the public email list[0] for a possible DTSA coordination. Cheers Steffen [0]: [email protected] _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
