[Pkg-openldap-devel] slapd: dangerous access rule in default config

Yves-Alexis Perez corsac at debian.org
Sun Mar 29 14:02:49 UTC 2015


On Sat, 2015-03-28 at 15:40 -0700, Ryan Tandy wrote:
> Hi! Thanks for picking this up again.
> 
> On Sat, Mar 28, 2015 at 10:20:45PM +0100, Yves-Alexis Perez wrote:
> >Sorry for letting this fall through the cracks. I guess we should try
> >to finish this by pushing a DSA so people are aware of this.
> >
> >The patches look ok, so I think we can proceed with the upload to
> >security-master. I didn't yet request a CVE on oss-sec, so I'll do it
> >right now so we have it for the DSA.
> >
> >Any questions? Again, sorry for the delay.
> 
> Sounds good. I assume "the patches" means you're ok with including the 
> unrelated CVE fixes I linked a couple of messages ago [1].
> 
> I'll try to provide an updated and tested debdiff asap after the CVE ID 
> is assigned.

The CVE is CVE-2014-9713, sorry I didn't put you in the loop when
requesting, but the thread can be found at
http://www.openwall.com/lists/oss-security/2015/03/28/7 (see also the
note about upstream documentation).

You can upload to security-master, I'll check the debdiff there.

Regards,
-- 
Yves-Alexis