Hi,

I've prepared a proposed update to squeeze for openldap. The maintainers of that package let me know they would like some help so I've proposed this update to them last week, and received no objections. I have installed this update in our LDAP test environment with no issues found.

It contains 3 changes:
- A data loss bug which has been fixed in unstable for a while now;
- Three low-prio security updates which have been in Ubuntu for some time;
- A grave problem when reconfiguring the package.

Changelog follows, debdiff is attached. Please let me know if it's OK to upload.

openldap (2.4.23-7.1) stable; urgency=low

  * Non-maintainer upload targeted at stable.
  * Picked the following patches from various sources:

  [ Matthijs Möhlmann ]
  * Update patch service-operational-before-detach (Closes: #616164, #598361)

  [ Ubuntu Security Team / Jamie Strandboge ]
  * SECURITY UPDATE: fix successful anonymous bind via chain overlay when using
    forwarded authentication failures
    - debian/patches/CVE-2011-1024
    - CVE-2011-1024
  * SECURITY UPDATE: verify password when authenticating to rootdn and using
    ndb backend. Note: Debian is not compiled with --enable-ndb by default
    - debian/patches/CVE-2011-1025
    - CVE-2011-1025
  * SECURITY UPDATE: fix DoS when processing unauthenticated modrdn requests
    and requestDN is empty
    - debian/patches/CVE-2011-1081
    - CVE-2011-1081
    - LP: #742104, Closes: 617606

  [ Raphaël Hertzog ]
  * Fix "dpkg-reconfigure slapd". Closes: #596343

 -- Thijs Kinkhorst <thijs@debian.org>  Wed, 25 May 2011 16:40:39 +0200

Cheers,
Thijs
Attachment:
openldap_stable.debdiff
Description: Binary data