Hi Timo,

Thanks a lot for looking into the issue!

On Thu, Jan 26, 2017 at 10:29:16PM +0200, Timo Aaltonen wrote:
> On 18.01.2017 18:16, Salvatore Bonaccorso wrote:
> > Source: 389-ds-base
> > Version: 1.3.5.15-1
> > Severity: grave
> > Tags: security upstream patch
> > Justification: user security hole
> >
> > Hi,
> >
> > the following vulnerability was published for 389-ds-base. Chose
> > severity > important, since possibly as well triggerable by
> > unauthenticated attackers, but I'm not too familiar if that setup is
> > common.
> >
> > CVE-2017-2591[0]:
> > DoS via OOB heap read in "attribute uniqueness" plugin
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2017-2591
> >     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591
>
> Hi,
>
> I don't understand the tags.. is there a patch somewhere? I can't find
> anything upstream, and the CVE links don't give anything useful either.

MITRE has not yet updated their page. But if you follow the first link
to the security-tracker the patch is referenced. It is

https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/

according to the original post on oss-security, which describes the issue:

https://marc.info/?l=oss-security&m=148475299128091&w=2

Does this help?

Regards,
Salvatore