On Sun, Feb 8, 2015 at 17:59:00 -0800, Ryan Tandy wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
>
> Hi,
>
> We would like to fix two recently-discovered upstream bugs in openldap
> that allow an unauthenticated remote user to crash the LDAP server.
>
> #776988, CVE-2015-1545: If the deref overlay is enabled (by default, it
> is not), the query "ldapsearch -E deref=member:" crashes slapd via a
> NULL pointer dereference.
>
> #776991, CVE-2015-1546: The query "ldapsearch -E 'mv=(cn={*)(sn=*)'"
> crashes slapd via a double free (regression in 2.4.40).
>
> The deref overlay is not widely used, but #776991 affects all slapd
> users.
>
> May we upload with these changes?
>

Please do.

Cheers,
Julien