Source: apache-directory-server Version: 2.0.0~M24-4 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 2.0.0~M24-3
Hi, The following vulnerability was published for apache-directory-server. CVE-2021-33900[0]: | While investigating DIRSTUDIO-1219 it was noticed that configured | StartTLS encryption was not applied when any SASL authentication | mechanism (DIGEST-MD5, GSSAPI) was used. While investigating | DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality | layer was not applied. This issue affects Apache Directory Studio | version 2.0.0.v20210213-M16 and prior versions. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-33900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33900 Regards, Salvatore
