Re: libnss-ldap/libpam-ldap security issue
On Tue, Jun 10, 2008 at 03:25:33AM -0700, Russ Allbery wrote:
> This was a while back, so my memory may be wrong on the details. Steve
> might remember more.
I think your memory is probably better than mine here, I didn't remember
half of the details until I read them again in your message. :)
So do we have some sort of reproducible parser crash in libldap here, then?
Is there a bug report open about this (with Debian or upstream)?
> The problem with just removing this code in the library is that it's also
> how ldapsearch and friends get their defaults, which is actively used and
> will break people's scripts if it goes away.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/