[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#685741: unblock: qpid-cpp/0.16-7

Control: tags -1 + moreinfo

On Fri, 2012-08-24 at 08:47 +0200, Cajus Pollmeier wrote:
> Please unblock package qpid-cpp
> 
> This upload fixes a security problem inside of qpid client handlings
> (CVE-2012-3467). Please see
> 
> http://www.openwall.com/lists/oss-security/2012/08/09/6

+--- a/src/qpid/broker/SaslAuthenticator.h
++++ b/src/qpid/broker/SaslAuthenticator.h
+@@ -54,7 +54,7 @@
+     static void init(const std::string& saslName, std::string const & saslConfigPath );
+     static void fini(void);
+ 
+-    static std::auto_ptr<SaslAuthenticator> createAuthenticator(Connection& connection, bool isShadow);
++    static std::auto_ptr<SaslAuthenticator> createAuthenticator(Connection& connection);

createAuthenticator() is a public symbol of libqpidbroker, which is
shipped as a public library in /usr/lib.  That means the library has
changed ABI without changing SONAME afaics.

Regards,

Adam
Reply to: