Bug#377047: [Pkg-openldap-devel] Bug#377047: slapd: Vulnerable to
CVE-2006-2754 (buffer overflow)
Martin Pitt
mpitt at debian.org
Sun Jul 9 13:51:37 UTC 2006
Hi Torsten,

Torsten Landschoff [2006-07-08 17:42 +0200]:
> > There is a buffer overflow in st.c. Please see
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754
> >
> > for links to more detailed descriptions and a pointer to the upstream
> > CVS patch.
> >
> > Please mention the CVE number in the changelog when you fix this.
>
> How is the current procedure for security uploads (RTFM pointer is good
> enough)? We can surely provide an updated package for sarge but I fear
> duplicated work with the security team.

Normally the security team is glad to get security updates prepared by
the maintainers. Please just mail security at d.o. with a short
description and the CVE number and tell them that you will prepare an
update. Then follow up with a source package and they will give you ok
to upload or discuss changes with you.

http://www.de.debian.org/doc/developers-reference/ch-pkgs.en.html#s-bug-security
has some more details.

Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org
In a world without walls and fences, who needs Windows and Gates?