severity 488710 important
forwarded 488710 http://www.openldap.org/its/index.cgi?findid=5580
thanks

On Mon, Jun 30, 2008 at 09:26:27PM +0200, Steffen Joeris wrote:
> Package: slapd
> Severity: grave
> Tags: security, patch
> Justification: user security hole

Unless something's changed, this justification (and bug description) is inconsistent with the guidelines for security bug severities...

> The following email came over the public security list:
> Remote unauthenticated attackers can trigger an assertion in the ASN.1 BER
> decoding of openldap and crash the server:
> http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5580;selectid=5580

> An upstream patch seems to be here:
> http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.120&r2=1.121&hideattic=1&sortbydate=0

According to the bug state, this bug fix is still being tested upstream, so it would be premature to upload this patch yet.

--
Steve Langasek
Debian Developer
Ubuntu Developer
Give me a lever long enough and a Free OS to set it on, and I can move the world.
http://www.debian.org/