[pkg-go] golang-github-go-ldap-ldap_2.4.1-1+deb9u1_amd64.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Dec 3 21:11:44 UTC 2017
Mapping stretch to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 29 Nov 2017 23:45:26 +0100
Source: golang-github-go-ldap-ldap
Binary: golang-github-go-ldap-ldap-dev
Architecture: source all
Version: 2.4.1-1+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: pkg-go <pkg-go-maintainers at lists.alioth.debian.org>
Changed-By: Dr. Tobias Quathamer <toddy at debian.org>
Description:
golang-github-go-ldap-ldap-dev - Basic LDAP v3 functionality for the Go programming language
Closes: 876404
Changes:
golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium
.
* Team upload.
* Require explicit intention for empty password.
This is normally used for unauthenticated bind, and
https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
"Clients SHOULD disallow an empty password input to a Name/Password
Authentication user interface"
This is (mostly) a cherry-pick of 95ede12 from upstream, except
the bit in ldap_test.go, which is unrelated to the security issue.
This fixes CVE-2017-14623. (Closes: #876404)
Checksums-Sha1:
ea84eca5b7aa9fee4f9bb3e1a95158d9f2c56b52 2223 golang-github-go-ldap-ldap_2.4.1-1+deb9u1.dsc
fff71768d88342f57aabf4d33102950b1755b04b 33674 golang-github-go-ldap-ldap_2.4.1.orig.tar.gz
e67aff5db4ddaf4535e747bec504a196a819c3ab 4620 golang-github-go-ldap-ldap_2.4.1-1+deb9u1.debian.tar.xz
71b9526f76fad2fefafaa508d8c41a99b76b641e 30570 golang-github-go-ldap-ldap-dev_2.4.1-1+deb9u1_all.deb
e0a332f868ab66f53c947776f76edfe29eceb78e 5883 golang-github-go-ldap-ldap_2.4.1-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
ef955905738d97ee3e80273012e2646dbbc919f14b1eeb4f8c7d4ca5b9ab0ac5 2223 golang-github-go-ldap-ldap_2.4.1-1+deb9u1.dsc
958d8cd684b0578ca16289bcbdcfa25018e7af4c08eb7adc99a5f5a541b29c29 33674 golang-github-go-ldap-ldap_2.4.1.orig.tar.gz
5ed5655409eddf8b0f9df20689cf67a4fdaeee410955721f59cadd498932f118 4620 golang-github-go-ldap-ldap_2.4.1-1+deb9u1.debian.tar.xz
1bb686072f3b8186c2b917b789f33f59bb2e98c80f551bebbcf5ddc84267435d 30570 golang-github-go-ldap-ldap-dev_2.4.1-1+deb9u1_all.deb
74c44af6ac520976917793b2d08fb7b49cf226d8510ddae3e5370fd923aa681c 5883 golang-github-go-ldap-ldap_2.4.1-1+deb9u1_amd64.buildinfo
Files:
416725ba71351016c4827c8493c0a326 2223 devel extra golang-github-go-ldap-ldap_2.4.1-1+deb9u1.dsc
9b92afe3a5658d017c68ade126fdf68e 33674 devel extra golang-github-go-ldap-ldap_2.4.1.orig.tar.gz
0426918d62c841a260b4708ddf1c7b66 4620 devel extra golang-github-go-ldap-ldap_2.4.1-1+deb9u1.debian.tar.xz
d9cc19be2c741be84a8a3cc52b7491fb 30570 devel extra golang-github-go-ldap-ldap-dev_2.4.1-1+deb9u1_all.deb
f7eadcf8bae23929f7260d80bb49c431 5883 devel extra golang-github-go-ldap-ldap_2.4.1-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE0cuPObxd7STF0seMEwLx8Dbr6xkFAlokSooACgkQEwLx8Dbr
6xm1eQ/+K3IzgqAD65X9G9eFfLdG74ogI3Ey7eifjZJVgp1CyRyje1CeYjufVXu6
AasK8FGddR4KV4t0bWE35/jmlfnCzPYdrR5GYB4Q84l+XIkngt6GNCQcSpHACvzU
Wo9hz6BGGf9en/M+tJgwQdvS2M+ixIhVM3efkQmLk61EySa+a9eFtrso0hGLcDnm
PLSZVGIMo4rqPhOv+7tIrKXdjiOyPR4KxqJvzjH69WCkhwhKRmhG7jSAd15Rkgv/
v/SVbMSXqZrhrCuAvsGETu/c78ibWs3FbqsBPVx2bON8vo+GhnSf4alBk9CxY6gG
bqiHLi1827ddzfWVJCN3V4XUKkmLLFizZGvHJmEP7/CSTRLmn0v5Jn+Uvn6pMrpc
71+f5hWOvfh0RiToD/B+0c32RINhrli7X1Q3Uv2Kh6BXfZk+nP1UBLW3l3zuMKa1
z4GnKwC98qrxtL6/Kz4kYhvs8EszQ6uhGHHVFWGUHOlAyEJ9UqVxiKWNr17ZodWG
IDqnIlj4l6czzlbQHUnsBPx1Wx6Wr3gpEFbsN8EJ+0pXg+czyhaxZu8DFfH11HJM
2cb9qZkQlcMGQahT0c8gQFmjb8FzB/MSGgiKa2YLH+ORwMCSvpLqFcupCOSYZg7p
7OlTaEimjZzjamCTIAdOlUf2k/XcRidn9NHf/yz3XL77fKmcPZ8=
=8crU
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-go-maintainers
mailing list