[Pkg-openldap-devel] Bug#465875: [Fwd: Fwd: [USN-584-1] OpenLDAP vulnerabilities]

Moritz Muehlenhoff jmm at inutil.org
Thu Apr 3 21:30:12 UTC 2008


On Mon, Mar 24, 2008 at 11:56:43AM +0100, Moritz Muehlenhoff wrote:
> On Sun, Mar 23, 2008 at 04:05:00PM -0700, Steve Langasek wrote:
> > found 465875 2.3.30-5
> > thanks
> > 
> > On Wed, Mar 12, 2008 at 12:54:03PM +1100, Brian May wrote:
> > 
> > > Can you please confirm if this is an issue for the Debian stable version
> > > (2.3.30-5)? I get the impression that 2.3.30 is affected, and I can't
> > > see any security updates.
> > 
> > Yes, etch is affected.  However, this is a DoS attack rather than a
> > privilege escalation vector, which AIUI is not normally grounds for a DSA.
> > Security team, the patch for this issue is attached - what say you?  Should
> > I upload it to stable-security, or to proposed-updates?
> 
> Whether DoS issues warrant a security update depends highly on the
> nature of the affected application. For core infrastructure packages
> like slapd this is usually the case.
> 
> I'll take care of an update based on your diff (there are three more I'll
> check, whether they affect Etch).

Sorry, I've been busy so it took longer than expected. I have backported
patches ready, I'll push this into the security buildd network tomorrow.

Cheers,
        Moritz




