[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze exception for sssd?

[Petter Reinholdtsen]
> [Petter Reinholdtsen]
>> These are the changelog entries since the version currently in
>> testing:
> Since my first request for a freeze exception, a serious security
> issue was discovered and fixed.  I just uploaded the fix.  This is the
> changelog:
> sssd (1.2.1-4) unstable; urgency=low
>   * Add patch from Stephen Gallagher to ensure LDAP authentication
>     never accept a zero length password (Closes: #594413).  Solves
>     CVE-2010-2940.
>  -- Petter Reinholdtsen <pere@debian.org>  Wed, 25 Aug 2010 22:33:40 +0200

Any news on this freeze exception request?  I believe the sssd package
in squeeze is unreleasable with bug #594413 in place, so it would be
very nice if a fix would make it into squeeze soon.

The fix was uploaded to unstable 4 days ago, with I admit wrong
urgency low instead of high, and it would be nice if those using sssd
with LDAP authentication in Squeeze can get their security back
soon. :)

Luckily there are very few users of sssd according to
popcon.debian.org. :)

Happy hacking,
Petter Reinholdtsen

Reply to: