[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libnss-ldap/libpam-ldap security issue

On Tue, Jun 10, 2008 at 03:25:33AM -0700, Russ Allbery wrote:
> This was a while back, so my memory may be wrong on the details.  Steve
> might remember more.

I think your memory is probably better than mine here, I didn't remember
half of the details until I read them again in your message. :)

So do we have some sort of reproducible parser crash in libldap here, then?
Is there a bug report open about this (with Debian or upstream)?

> The problem with just removing this code in the library is that it's also
> how ldapsearch and friends get their defaults, which is actively used and
> will break people's scripts if it goes away.

Right. :/

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to: