[Pkg-openldap-devel] Bug#448644: Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service

Matthijs Mohlmann matthijs at cacholong.nl
Mon Nov 5 10:13:24 UTC 2007


Russ Allbery wrote:
> Nico Golde <nion at debian.org> writes:
> 
>> Hi,
>> attached is a proposal for an NMU.
>> It will be archived on:
>> http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch
> 
> I'm not sure why we would do this rather than just package 2.3.39.
> Wouldn't the latter be a better idea for unstable?  (For the stable
> security release, of course, we should just cherry-pick the one fix,
> assuming it applies to the stable version, which I haven't checked.)
> 
> Also, 2.4 is now officially released, so we should really switch to that
> ASAP so that we can get rid of 2.2.  I'll send more mail about that later
> this week, though, since that's going to be a complex transition.
> Upgrading to the upstream 2.3.39 release should be simple.
> 

Upgrading to 2.3.39 is, I think, the better choice here, and after that we
can make the switch to 2.4. And now that 2.4 is officially released, I
can add some initial packaging for 2.4 in svn.

Regards,

Matthijs Mohlmann




