[Pkg-openldap-devel] Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service

Russ Allbery rra at debian.org
Mon Nov 5 03:15:46 UTC 2007


Nico Golde <nion at debian.org> writes:

> Hi,
> attached is a proposal for an NMU.
> It will be archived on:
> http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch

I'm not sure why we would do this rather than just package 2.3.39.
Wouldn't the latter be a better idea for unstable?  (For the stable
security release, of course, we should just cherry-pick the one fix,
assuming it applies to the stable version, which I haven't checked.)

Also, 2.4 is now officially released, so we should really switch to that
ASAP so that we can get rid of 2.2.  I'll send more mail about that later
this week, though, since that's going to be a complex transition.
Upgrading to the upstream 2.3.39 release should be simple.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>




