Re: stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)

To: debian-release@lists.debian.org, 552433@bugs.debian.org
Cc: Debian security team <team@security.debian.org>
Subject: Re: stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)
From: Holger Levsen <holger@layer-acht.org>
Date: Mon, 7 Dec 2009 16:19:27 +0100
Message-id: <200912071619.28489.holger@layer-acht.org>
In-reply-to: <1260118111.30359.37.camel@sorbet.thuis.net>
References: <1260118111.30359.37.camel@sorbet.thuis.net>

Hi,

On Sonntag, 6. Dezember 2009, Arthur de Jong wrote:
> I brought up bug #552433 here earlier [0] and have been in contact with
> the security team about this but haven't had a definite answer from them
> whether they want (or don't want) to issue an advisory for this.
>
> I'm now convinced this is a security problem because it can result in
> wrong privileges to be assigned and in denial of service (see [1] for
> more information).

Debian Edu would also very much like this to be fixed soon, see 
http://bugs.skolelinux.org/show_bug.cgi?id=1383 - it's a release blocker for 
our lenny based release as it causes (+has caused already) real world prblems 
as you can read in #1383.

cheers,
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)
  - From: Arthur de Jong <adejong@debian.org>

Prev by Date: Bug#559522: [pkg-cli-libs-team] Bug#559522: transition: evolution-data-server 2.28
Next by Date: Re: [Pkg-postgresql-public] Dropping postgresql 8.3 for squeeze
Previous by thread: stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)
Next by thread: Re: Bug#552433: stable update: nss-ldapd (#552433: libnss-ldapd: ignores case of uids)
Index(es):
- Date
- Thread