[Pkg-openldap-devel] [openldap] 04/09: remove default 'by self write' (#761406)
Ryan Tandy
rtandy-guest at moszumanska.debian.org
Tue Apr 14 00:19:32 UTC 2015
This is an automated email from the git hooks/post-receive script.
rtandy-guest pushed a commit to branch squeeze
in repository openldap.
commit 46ae74a56c655f79b3371e71e0550d6f0caddf62
Author: Ryan Tandy <ryan at nardis.ca>
Date: Sat Sep 13 11:57:52 2014 -0700
remove default 'by self write' (#761406)
Cherry-picked from c7dd3bf and 07fb45d.
Conflicts:
debian/changelog
---
debian/changelog | 7 +++++++
debian/slapd.init.ldif | 1 -
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index f40c570..aeb5955 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openldap (2.4.23-7.3+deb6u1) UNRELEASED; urgency=high
+
+ * debian/slapd.init.ldif: Disallow modifying one's own entry by default,
+ except specific attributes. (CVE-2014-9713) (Closes: #761406)
+
+ -- Ryan Tandy <ryan at nardis.ca> Mon, 13 Apr 2015 08:53:26 -0700
+
openldap (2.4.23-7.3) stable; urgency=low
* Non-maintainer upload targeted at stable
diff --git a/debian/slapd.init.ldif b/debian/slapd.init.ldif
index 6a237e0..f5f8381 100644
--- a/debian/slapd.init.ldif
+++ b/debian/slapd.init.ldif
@@ -79,7 +79,6 @@ olcAccess: to attrs=userPassword,shadowLastChange
by * none
olcAccess: to dn.base="" by * read
olcAccess: to *
- by self write
by dn="cn=admin, at SUFFIX@" write
by * read
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git
More information about the Pkg-openldap-devel
mailing list