--On Saturday, October 31, 2009 8:47 AM -0700 Quanah Gibson-Mount
<qua...@zimbra.com> wrote:
--On Saturday, October 31, 2009 10:57 AM +0100 Giuseppe Iuculano
<iucul...@debian.org> wrote:
Package: openldap
Severity: grave
Tags: security patch
This was fixed in OpenLDAP 2.4.18 (Just to note).
Also, how easily someone can set up a rogue LDAP server masquarading as
someone else's ldap server seems not particularly simple to do. I.e.,
this requires someone to set up an LDAP server with a bad cert, and then
intercept someone elses ldap client traffic to that server.
Also, if Debian's still supporting anything based on OL 2.3, I have a clean
patch for this issue for it as well.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
