[Pkg-openldap-devel] slapd crash on specific search query (#863569)

Moritz Muehlenhoff jmm at debian.org
Sun May 28 20:54:38 UTC 2017


On Sun, May 28, 2017 at 11:41:46AM -0700, Ryan Tandy wrote:
> Hi Security Team,
> 
> A Debian user reported that slapd encounters a double-free and crashes when
> processing a certain search: https://bugs.debian.org/863563
> 
> The default configuration in Debian allows anonymous users to search the
> directory, so for us this counts as a remote DoS.
> 
> I have opened an unblock request for fixing this in unstable and stretch:
> https://bugs.debian.org/863569
> 
> Please let me know whether you'd like to perform a security upload to fix
> this in stable, or handle it in a point release. Either way I am happy to
> prepare and test a fixed package for you.

Thanks!

Let's fix this via security.debian.org, can you please send a debdiff
for jessie-security when ready?

Cheers,
        Moritz


