[Pkg-openldap-devel] planning another jessie upload
Ryan Tandy
ryan at nardis.ca
Wed Feb 4 17:12:53 UTC 2015
Hi,
I've tested the patches for #776988 and #776991 and intend to ask the
release team for approval to upload them, with the justification that
it's easy for an unauthenticated remote user to cause slapd to crash.
(Not even read access is needed.) #776988 only affects deref (not
enabled by default), but I don't know of a configuration that can
mitigate #776991. Any comments on these?
Is anyone aware of other patches that should go into jessie? I looked
through the git log since 2.4.40 but didn't see anything that I thought
I could explain well enough to justify (or, for that matter, generate a
test case); ITS#8036, ITS#7970 for example. Hopefully it's sufficient if
the next release goes into jessie-backports later.
thanks,
Ryan
More information about the Pkg-openldap-devel
mailing list