Bug#1036995: openldap: CVE-2023-2953
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 1 05:58:28 BST 2023
Hi Ryan,
On Wed, May 31, 2023 at 04:34:31PM -0700, Ryan Tandy wrote:
> Hi, thanks for the report. If I've understood the issue correctly (DoS/crash
> if malloc fails), it does not look too urgent.
Correct, agreed.
> Although the fixes look safe enough, I think we could wait until after
> bookworm is released, and fix this in unstable first and in a point release
> later. Does that sound OK to you?
Yes, I do agree. The issue can be fixed after the bookworm release for
unstable and trixie, and for bookworm fixing it in the first point
release is absolutely fine. We do not need a DSA here. The same holds
for bullseye.
Thank you for the swift reply back!
Regards,
Salvatore