[Pkg-freeipa-devel] Bug#781346: Bug#781346: slapi-nis: CVE-2015-0283: infinite loop in getgrnam_r() and getgrgid_r()

Timo Aaltonen tjaalton at debian.org
Thu Apr 2 12:03:36 UTC 2015


On 27.03.2015 21:03, Salvatore Bonaccorso wrote:
> Source: slapi-nis
> Version: 0.54-1
> Severity: grave
> Tags: security upstream fixed-upstream
> 
> Hi Timo,
> 
> the following vulnerability was published for slapi-nis. I was not
> able to verify the issue itself but only checked patch-wise.
> 
> CVE-2015-0283[0]:
> infinite loop in getgrnam_r() and getgrgid_r()
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-0283
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1195729

So I pushed a new upstream version instead of pulling commits, since
upstream said it needed all (four) commits between 0.54.1..0.54.2. And
.1 brought only two commits more.

But this could be dropped from jessie too if necessary, there are no
packages that depend on it.


-- 
t


