Bug#1093238: bookworm-pu: package 389-ds-base/2.3.1+dfsg1-1+deb12u1
Hello,
On Sat, 18 Jan 2025, at 18:13, Salvatore Bonaccorso wrote:
>> The following were cherry-picks with no other changes from the
>> upstream’s Git repository, branch 2.4.6:
>>
>> - Security fix for CVE-2024-3657
>> - Security fix for CVE-2024-5953
>> - Security fix for CVE-2024-8445
>> - Security fix for CVE-2024-2199
> I have a question on the followup for CVE-2024-2199, CVE-2024-8445
> exists because of an incomplete fix for CVE-2024-2199. What is the
> origin of the applied patch for CVE-2024-8445?
> It has, AFAICS, not yet been addressed in unstable either? Is the
> applied fix validated from upstream?
This fix comes from the upstream repo, branch 1.4.3: https://github.com/389ds/389-ds-base/commit/1d3fddaac33
I’m not sure why it’s not on other branches, and the bug’s description is (intentionally?) very vague about *which* versions are affected.
--
Cheers,
Andrej