Re: Freeze exception for sssd?

To: debian-release@lists.debian.org
Subject: Re: Freeze exception for sssd?
From: Petter Reinholdtsen <pere@hungry.com>
Date: Mon, 30 Aug 2010 15:45:37 +0200
Message-id: <[🔎] 2fllj7omcxq.fsf@login1.uio.no>
References: <[🔎] 2fl4oeztte1.fsf@login2.uio.no> <[🔎] 2fl1v9mz6ze.fsf@login2.uio.no>

[Petter Reinholdtsen]
> [Petter Reinholdtsen]
>> These are the changelog entries since the version currently in
>> testing:
>
> Since my first request for a freeze exception, a serious security
> issue was discovered and fixed.  I just uploaded the fix.  This is the
> changelog:
>
> sssd (1.2.1-4) unstable; urgency=low
>
>   * Add patch from Stephen Gallagher to ensure LDAP authentication
>     never accept a zero length password (Closes: #594413).  Solves
>     CVE-2010-2940.
>
>  -- Petter Reinholdtsen <pere@debian.org>  Wed, 25 Aug 2010 22:33:40 +0200
>
> JFYI.

Any news on this freeze exception request?  I believe the sssd package
in squeeze is unreleasable with bug #594413 in place, so it would be
very nice if a fix would make it into squeeze soon.

The fix was uploaded to unstable 4 days ago, with I admit wrong
urgency low instead of high, and it would be nice if those using sssd
with LDAP authentication in Squeeze can get their security back
soon. :)

Luckily there are very few users of sssd according to
popcon.debian.org. :)

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

References:
- Freeze exception for sssd?
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Freeze exception for sssd?
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Bug#594890: unblock: libvigraimpex/1.7.0+dfsg-7
Next by Date: Re: Please unblock vzctl
Previous by thread: Re: Freeze exception for sssd?
Next by thread: plplot: proposed upload (RC bug fix)
Index(es):
- Date
- Thread