On 18.01.2017 18:16, Salvatore Bonaccorso wrote: > Source: 389-ds-base > Version: 1.3.5.15-1 > Severity: grave > Tags: security upstream patch > Justification: user security hole > > Hi, > > the following vulnerability was published for 389-ds-base. Choosed > severity > important, since possibly as well triggerable by > unauthenticated attackers, but I'm not too familiar if that setup is > common. > > CVE-2017-2591[0]: > DoS via OOB heap read in "attribute uniqueness" plugin > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-2591 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591
Hi, I don't understand the tags.. is there a patch somewhere? I can't find anything upstream, and the CVE links don't give anything useful either.
