Bug#965184: CVE-2020-15719
Moritz Muehlenhoff
jmm at debian.org
Fri Jul 17 11:41:35 BST 2020
Source: openldap
Severity: important
Tags: security
Hi,
CVE-2020-15719 was assigned to an issue in OpenLDAP found by Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=1740070
The underlying OpenLDAP bug is restricted, though:
https://bugs.openldap.org/show_bug.cgi?id=9266
The patch applied by Red Hat is
https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
but given that 1740070 is restricted I'm not sure if it affects the
Debian OpenLDAP packages or not (as we use GNUTLS instead of OpenSSL).
Cheers,
Moritz