[Pkg-openldap-devel] Bug#465875: [Fwd: Fwd: [USN-584-1] OpenLDAP vulnerabilities]
Steve Langasek
vorlon at debian.org
Sun Mar 23 23:05:00 UTC 2008
found 465875 2.3.30-5
thanks

On Wed, Mar 12, 2008 at 12:54:03PM +1100, Brian May wrote:
> Can you please confirm if this is an issue for the Debian stable version
> (2.3.30-5)? I get the impression that 2.3.30 is affected, and I can't
> see any security updates.

Yes, etch is affected. However, this is a DoS attack rather than a
privilege escalation vector, which AIUI is not normally grounds for a DSA.

Security team, the patch for this issue is attached - what say you? Should
I upload it to stable-security, or to proposed-updates?

(sarge is probably also affected, but since security support for sarge will
be terminated on March 31, I'm not sure I care enough to fish an update for
that version...)

Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openldap2.3-CVE-2008-0658.diff
Type: text/x-diff
Size: 1757 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20080323/2b173f7a/attachment.diff