Re: libnss-ldap/libpam-ldap security issue

To: debian-devel@lists.debian.org
Subject: Re: libnss-ldap/libpam-ldap security issue
From: Steve Langasek <vorlon@debian.org>
Date: Sat, 21 Jun 2008 16:39:31 -0700
Message-id: <[🔎] 20080621233931.GA23767@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87fxrl7fj6.fsf@windlord.stanford.edu>
References: <[🔎] 484E036C.9050601@snoopy.debian.net> <[🔎] 87fxrl7fj6.fsf@windlord.stanford.edu>

On Tue, Jun 10, 2008 at 03:25:33AM -0700, Russ Allbery wrote:
> This was a while back, so my memory may be wrong on the details.  Steve
> might remember more.

I think your memory is probably better than mine here, I didn't remember
half of the details until I read them again in your message. :)

So do we have some sort of reproducible parser crash in libldap here, then?
Is there a bug report open about this (with Debian or upstream)?

> The problem with just removing this code in the library is that it's also
> how ldapsearch and friends get their defaults, which is actively used and
> will break people's scripts if it goes away.

Right. :/

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to:

Follow-Ups:
- Re: libnss-ldap/libpam-ldap security issue
  - From: Brian May <brian@microcomaustralia.com.au>

References:
- libnss-ldap/libpam-ldap security issue
  - From: Brian May <bam@snoopy.debian.net>
- Re: libnss-ldap/libpam-ldap security issue
  - From: Russ Allbery <rra@debian.org>

Prev by Date: RFC: ODBC, local changes to config files, and policy
Next by Date: Re: libnss-ldap/libpam-ldap security issue
Previous by thread: Re: libnss-ldap/libpam-ldap security issue
Next by thread: Re: libnss-ldap/libpam-ldap security issue
Index(es):
- Date
- Thread