[pkg-go] Bug#876404: Pending fixes for bugs in the golang-github-go-ldap-ldap package

pkg-go-maintainers at lists.alioth.debian.org pkg-go-maintainers at lists.alioth.debian.org
Wed Nov 29 13:15:08 UTC 2017

tag 876404 + pending

Some bugs in the golang-github-go-ldap-ldap package are closed in
revision 43d426ab9cbd78d68f72cfb0b57b2188d59649a3 in branch 'master'
by Dr. Tobias Quathamer

The full diff can be seen at

Commit message:

    Require explicit intention for empty password.
    This is normally used for unauthenticated bind, and
    https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
    > Clients SHOULD disallow an empty password input to a Name/Password
    > Authentication user interface
    This is a cherry-pick of 95ede12 from upstream, which fixes CVE-2017-14623.
    Closes: #876404

More information about the Pkg-go-maintainers mailing list