Re: [SRM] (PRSC) Security fixes and possible database corruption
On Mon, 28 Mar 2011 22:21:14 +0100 Jonathan Wiltshire wrote:
> On Mon, Mar 28, 2011 at 10:41:23PM +0200, Matthijs Möhlmann wrote:
> > CVE-2011-1081:
> > modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote attackers to cause a denial of service (daemon crash) via a relative Distinguished Name (DN) modification request (aka MODRDN operation) that contains an empty value for the OldDN field.
> > Fix: http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?hideattic=1&r1=text&tr1=1.181&r2=text&tr2=1.182&f=c
> > Impact: High, possibility to remotely crash slapd.
> This is new in the tracker, and so might be DSA material. Security team,
> can you decide if this should be a point release or a DSA please?
The current process for a DSA is to submit an RT ticket with the
intended fixes and description, then the security team will either work
on the DSA, or they will have you reassign it to release.debian.org.