Accepted 389-ds-base 1.3.3.5-4+deb8u1 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Jul 2018 19:03:02 +0200
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.3.3.5-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
389-ds - 389 Directory Server suite - metapackage
389-ds-base - 389 Directory Server suite - server
389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
389-ds-base-dev - 389 Directory Server suite - development files
389-ds-base-libs - 389 Directory Server suite - libraries
389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Changes:
389-ds-base (1.3.3.5-4+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2015-1854
A flaw was found while doing authorization of modrdn operations.
An unauthenticated attacker able to issue an ldapmodrdn call to
the directory server could perform unauthorized modifications
of entries in the directory server.
* CVE-2017-15134
Improper handling of a search filter in slapi_filter_sprintf()
in slapd/util.c can lead to remote server crash and denial
of service.
* CVE-2018-1054
When read access on <attribute_name> is enabled, a flaw in
SetUnicodeStringFromUTF_8 function in collate.c, can lead to
out-of-bounds memory operations.
This might result in a server crash, caused by unauthorized
users.
* CVE-2018-1089
Any user (anonymous or authenticated) can crash ns-slapd with a
crafted ldapsearch query with very long filter value.
* CVE-2018-10850
Due to a race condition the server could crash in turbo mode
(because of high traffic) or when a worker reads several requests
in the read buffer (more_data). Thus an anonymous attacker could
trigger a denial of service.
Checksums-Sha1:
17cab41328cc4f308d4ed928ddb18737e502c060 2781 389-ds-base_1.3.3.5-4+deb8u1.dsc
bb43dc34bde87175c169cccb9981999f263c0c03 3273753 389-ds-base_1.3.3.5.orig.tar.bz2
6bb6567301b7791b83084f0dff941264a04788a7 31416 389-ds-base_1.3.3.5-4+deb8u1.debian.tar.xz
17bbf51cb809ba0eb966c83ae945ef53d341d902 15852 389-ds_1.3.3.5-4+deb8u1_all.deb
f2805c5aab5387d5e6dc2504a038b0a480292d6e 387686 389-ds-base-libs_1.3.3.5-4+deb8u1_amd64.deb
6297a747258467667848df4a42af500590c23a52 1282838 389-ds-base-libs-dbg_1.3.3.5-4+deb8u1_amd64.deb
82b1d132c9f439aab99ef2f635b9e23149e13c82 69186 389-ds-base-dev_1.3.3.5-4+deb8u1_amd64.deb
32501f904c2915839c5160a6d65c047b8b629e4f 1460472 389-ds-base_1.3.3.5-4+deb8u1_amd64.deb
34cdc405933a55aa43d96c4b1b5ebaf2419e93d5 4181176 389-ds-base-dbg_1.3.3.5-4+deb8u1_amd64.deb
Checksums-Sha256:
48c46d6dd7f18450b4ea6f35a5dfe47e09e0cb1a6298097879e4ecb9463c1768 2781 389-ds-base_1.3.3.5-4+deb8u1.dsc
85f69e65909f7a8286717290f699e61be89c6534e926bcb5b4a6644f950e8827 3273753 389-ds-base_1.3.3.5.orig.tar.bz2
f850a3bd276c94c2435898800579ff19acd3caebfa35f79df2f6b565f6284462 31416 389-ds-base_1.3.3.5-4+deb8u1.debian.tar.xz
6cdbae6af03f205e0ef6f00f845256189d57f9a8ed58704f090e6416bf098284 15852 389-ds_1.3.3.5-4+deb8u1_all.deb
9706405a3f957e073cda19a24cb447ac0dd914c941ab51574ddf7eddbac3e949 387686 389-ds-base-libs_1.3.3.5-4+deb8u1_amd64.deb
44767b72c7fef445fbbedafc6cea76c018b19419ed9e5ffefbffd10658a10ace 1282838 389-ds-base-libs-dbg_1.3.3.5-4+deb8u1_amd64.deb
8cc57c804319404faaad260db6ea8096fce09071f5a37e4d0dc6d0fa5478542b 69186 389-ds-base-dev_1.3.3.5-4+deb8u1_amd64.deb
0ca31050d45350d5831d8670fdc904f62f5a30383949bc38f86849f41084d385 1460472 389-ds-base_1.3.3.5-4+deb8u1_amd64.deb
3e5499cce862f7257c521e4bc5318f600c36eff1d6f627631d85b86cd657e83c 4181176 389-ds-base-dbg_1.3.3.5-4+deb8u1_amd64.deb
Files:
21b416744edd928bf633910494eb97e6 2781 net optional 389-ds-base_1.3.3.5-4+deb8u1.dsc
84869d46184039fce976b858e663232e 3273753 net optional 389-ds-base_1.3.3.5.orig.tar.bz2
c1026c530d95f4cbaaa408444003c0db 31416 net optional 389-ds-base_1.3.3.5-4+deb8u1.debian.tar.xz
a7c800442710f0f051b9a275efdff85d 15852 net optional 389-ds_1.3.3.5-4+deb8u1_all.deb
154c4d21a693d5b74bff05823d3e9811 387686 libs optional 389-ds-base-libs_1.3.3.5-4+deb8u1_amd64.deb
3774dea64ca01aa1b2027d258909fd5a 1282838 debug extra 389-ds-base-libs-dbg_1.3.3.5-4+deb8u1_amd64.deb
698393141bcd9e2f3ba541f38444c016 69186 libdevel optional 389-ds-base-dev_1.3.3.5-4+deb8u1_amd64.deb
8981101bd932f29a13b303c5b0feb755 1460472 net optional 389-ds-base_1.3.3.5-4+deb8u1_amd64.deb
ab8cf791b0c7259dc1b72f4dd7ffbda3 4181176 debug extra 389-ds-base-dbg_1.3.3.5-4+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAltLdsNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR8YYD/9mj0RnFFKaY138lW3t3xFaDAk/imcx
/oaor3dre98MUTG+VdR/vt8F8yW0eSEEjYTJT+CO8/SDCjs/IYglz2/AFlp23oHz
lGs9kvcJud9u2magtHG8S3pXHKvNl88j0yrwoT1+kkRfnJmiU/RfC14udoX+aiNe
XqpBSQ2h3lz6NR8T/rBTdn2YxtAo+Ww4k99QN4RmLS1jhRvhOR52Bo2ZnN+C9bvu
Hq5mOusCSVa6yCcUybFAby8oCSZ4K5E5JBtW3uu7pAe6Uw1dXLC2dDT0GQBhGu8p
Q77x6FKGAKtk9zv/MI/MsWF0pPLDxQ6iR1uXBg81jkg+bZLhU/aUnG/WkVRtpf0M
B5tOV7XVJjDjviiJBRQmRJ/LfUs0vRYs/h3CPkOKwC94IM+aELH+E78wLFq1OEnH
LDt4nv595m2tBMOuzCneUHmYIS0hr3lHCGMTLaqobxHtieTU7LO41nSRxx/pgv9c
m/bDBz13WjIR1sCipdkeqbngcznfm65nOO59VGVSDJdgq1x/J930tqqhj5ZYLkW0
w/Zx94fL2iow1tuzG/Iun+qoRoRJrZ2hjROZqV2BJ5e0oV3Ld5i4JbAwGPViWYQf
66BoXJ1WvDsEukwCnMwE3OYxzWgImAqwVF72o4AXBiNDfE8bi1/z40QHD36fe8k2
FkANL5OZNwY/rQ==
=+hM6
-----END PGP SIGNATURE-----
Reply to: