[Pkg-freeipa-devel] Bug#944150: 389-ds-base: CVE-2019-14824: Read permission check bypass via the deref plugin

Utkarsh Gupta guptautkarsh2102 at gmail.com
Mon Nov 25 01:00:45 GMT 2019


Hi Timo,

On Tue, 05 Nov 2019 07:22:06 +0100 Salvatore Bonaccorso
<carnil at debian.org> wrote:
> Source: 389-ds-base
> Version: 1.4.1.6-4
> Severity: grave
> Tags: security upstream
>
> Hi,
>
> The following vulnerability was published for 389-ds-base.
>
> CVE-2019-14824[0]:
> Read permission check bypass via the deref plugin

As a part of my LTS work, I have fixed this in Jessie (upload remaining)
so attaching a patch for Buster, Bullseye, and Sid. Hope you might be
interested in the same :)

Also, while at it, this patch also works for Stretch (just a quilt
refresh) would be required :)
Requesting you to fix the same at the earliest.


Best,
Utkarsh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2019-14824.patch
Type: text/x-patch
Size: 2020 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20191125/fb1eb501/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20191125/fb1eb501/attachment.sig>


More information about the Pkg-freeipa-devel mailing list