Bug#991614: apache-directory-server: CVE-2021-33900
Salvatore Bonaccorso
carnil at debian.org
Sun Aug 1 19:41:05 BST 2021
Hi Markus,
On Sun, Aug 01, 2021 at 05:53:55PM +0200, Salvatore Bonaccorso wrote:
> Hi Markus,
>
> On Sun, Aug 01, 2021 at 05:28:23PM +0200, Markus Koschany wrote:
> > On Wed, 28 Jul 2021 17:44:49 +0200 Salvatore Bonaccorso <carnil at debian.org>
> > wrote:
> >
> > > Hi,
> > >
> > > The following vulnerability was published for apache-directory-server.
> > >
> > > CVE-2021-33900[0]:
> >
> >
> > Hi Salvatore,
> >
> > are you sure CVE-2021-33900 corresponds to apache-directory-server as well? To
> > me it seems the vulnerability is in apache-directory-studio which is a
> > different Apache project
> >
> > https://github.com/apache/directory-studio/
> >
> > We haven't packaged that yet.
>
> I will have a look again (hopefully today) and come back to you again.
> Maybe this was a mistake, so I will recheck.
So absolutely correct. The issue is in Apache Directory Studio. It
went from an error in tracking initially in 7adc1d9f0406
("CVE-2021-33900/apacheds") in the security-tracker repo, to fixing
the source package name in cff955e4f7e3 ("CVE-2021-33900: Track source
package name apache-directory-server") but without noticing the wrong
source package affected.
So, right, and closing this issue (and corrected along the
security-tracker tracking of CVE-2021-33900).
Regards,
Salvatore