<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Salvatore Bonaccorso pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e0366f2ae0bdfdfc4898690141afa6410b93f1">69e0366f</a></strong>

<div>

<span>by Salvatore Bonaccorso</span>

<i>at 2020-07-17T21:21:03+02:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Update notes for CVE-2020-15719/openldap

In general it looks we might simply consider this a Red Hat specific

problem. The issue was disputed upstream of beeing valid, with the

comment that the behaviour in libldap conforms with RFC4513 and it is

still authoritative for OpenLDAP as RFC6125 does not supersede the rules

for verifying service identity provided in specifications for existing

application like LDAP's. For details see the comments from Ryan Tandy as

raised in <https://bugs.debian.org/965184#10>.

It would seem reasonable to not diverge from upstream in Debian unless

this problem is considered severe enough.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e0366f2ae0bdfdfc4898690141afa6410b93f1#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e0366f2ae0bdfdfc4898690141afa6410b93f1">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e0366f2ae0bdfdfc4898690141afa6410b93f1"}}</script>

</p>

</div>

</body>

</html>