[Pkg-openldap-devel] Bug#465875: [Fwd: Fwd: [USN-584-1] OpenLDAP vulnerabilities]

Moritz Muehlenhoff jmm at inutil.org
Mon Mar 24 10:56:43 UTC 2008


On Sun, Mar 23, 2008 at 04:05:00PM -0700, Steve Langasek wrote:
> found 465875 2.3.30-5
> thanks
> 
> On Wed, Mar 12, 2008 at 12:54:03PM +1100, Brian May wrote:
> 
> > Can you please confirm if this is an issue for the Debian stable version
> > (2.3.30-5)? I get the impression that 2.3.30 is affected, and I can't
> > see any security updates.
> 
> Yes, etch is affected.  However, this is a DoS attack rather than a
> privilege escalation vector, which AIUI is not normally grounds for a DSA.
> Security team, the patch for this issue is attached - what say you?  Should
> I upload it to stable-security, or to proposed-updates?

Whether DoS issues warrant a security update depends highly on the
nature of the affected application. For core infrastructure packages
like slapd this is usually the case.

I'll take care of an update based on your diff (there are three more I'll
check, whether they affect Etch).

> (sarge is probably also affected, but since security support for sarge will
> be terminated on March 31, I'm not sure I care enough to fish an update for
> that version...)

I agree since the update will take a couple more days anyway.

Cheers,
        Moritz




