[Pkg-openldap-devel] slapd: dangerous access rule in default config

Ryan Tandy ryan at nardis.ca
Sat Mar 28 22:40:54 UTC 2015


Hi! Thanks for picking this up again.

On Sat, Mar 28, 2015 at 10:20:45PM +0100, Yves-Alexis Perez wrote:
>Sorry for letting this falls through the cracks. I guess we should try
>to finish this by pushing a DSA so people are aware of this.
>
>The patches looks ok, so I think we can proceed with the upload to
>security-master. I didn't yet requested a CVE on oss-sec, so I'll do it
>right now so we have it for the DSA.
>
>Any question? Again sorry for the delay.

Sounds good. I assume "the patches" means you're ok with including the 
unrelated CVE fixes I linked a couple of messages ago [1].

I'll try to provide an updated and tested debdiff asap after the CVE ID 
is assigned.

[1] http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/2015-February/006195.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20150328/58f1ac8e/attachment.sig>


More information about the Pkg-openldap-devel mailing list