[Pkg-openldap-devel] [SRM] proposed stable update openldap
Thijs Kinkhorst
thijs at debian.org
Mon May 30 08:12:03 UTC 2011
Hi,
I've prepared a proposed update to squeeze for openldap. The maintainers
of that package let me know they would like some help so I've proposed
this update to them last week, and received no objections.
I have installed this update in our LDAP test environment with no issues
found.
It contains 3 changes:
- A data loss bug which has been fixed in unstable for a while now;
- Three low-prio security updates which have been in Ubuntu for some time;
- A grave problem when reconfiguring the package.
Changelog follows, debdiff is attached. Please let me know if it's OK to
upload.
openldap (2.4.23-7.1) stable; urgency=low
* Non-maintainer upload targeted at stable.
* Picked the following patches from various sources:
[ Matthijs Möhlmann ]
* Update patch service-operational-before-detach (Closes: #616164, #598361)
[ Ubuntu Security Team / Jamie Strandboge ]
* SECURITY UPDATE: fix successful anonymous bind via chain overlay when
using forwarded authentication failures
- debian/patches/CVE-2011-1024
- CVE-2011-1024
* SECURITY UPDATE: verify password when authenticating to rootdn and
using ndb
backend. Note: Debian is not compiled with --enable-ndb by default
- debian/patches/CVE-2011-1025
- CVE-2011-1025
* SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
and requestDN is empty
- debian/patches/CVE-2011-1081
- CVE-2011-1081
- LP: #742104, Closes: 617606
[ Raphaël Hertzog ]
* Fix "dpkg-reconfigure slapd". Closes: #596343
-- Thijs Kinkhorst <thijs at debian.org> Wed, 25 May 2011 16:40:39 +0200
Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openldap_stable.debdiff
Type: application/octet-stream
Size: 9681 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20110530/93fcc7bd/attachment-0001.obj>
More information about the Pkg-openldap-devel
mailing list