Your message dated Thu, 26 Jan 2017 22:21:19 +0000 with message-id <e1cwspv-0008oo...@fasolo.debian.org> and subject line Bug#851769: fixed in 389-ds-base 1.3.5.15-2 has caused the Debian Bug report #851769, regarding 389-ds-base: CVE-2017-2591 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 851769: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851769 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: 389-ds-base Version: 1.3.5.15-1 Severity: grave Tags: security upstream patch Justification: user security hole Hi, the following vulnerability was published for 389-ds-base. Choosed severity > important, since possibly as well triggerable by unauthenticated attackers, but I'm not too familiar if that setup is common. CVE-2017-2591[0]: DoS via OOB heap read in "attribute uniqueness" plugin If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-2591 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: 389-ds-base Source-Version: 1.3.5.15-2 We believe that the bug you reported is fixed in the latest version of 389-ds-base, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 851...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 27 Jan 2017 00:01:53 +0200 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base Architecture: source Version: 1.3.5.15-2 Distribution: unstable Urgency: medium Maintainer: Debian 389ds Team <pkg-fedora-ds-maintain...@lists.alioth.debian.org> Changed-By: Timo Aaltonen <tjaal...@debian.org> Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries Closes: 851769 Changes: 389-ds-base (1.3.5.15-2) unstable; urgency=medium . * fix-48986-cve-2017-2591.diff: Fix upstream ticket 48986, CVE-2017-2591. (Closes: #851769) Checksums-Sha1: 1a8db8750441d224c71a1dfb8ae5e3804da9ebbb 2519 389-ds-base_1.3.5.15-2.dsc 130e1122740907b1294766a602f31f825ddaa419 22984 389-ds-base_1.3.5.15-2.debian.tar.xz Checksums-Sha256: 8b5022e3d5cae136c82141e34f215590a63d89cf46ff5a30cbe4f3fb1b104a8c 2519 389-ds-base_1.3.5.15-2.dsc 2cffb12de50cf359f88d2d79da2a34df909e1a75cbb5345a3d5431864a878fbb 22984 389-ds-base_1.3.5.15-2.debian.tar.xz Files: ea435f3690d6a6afb0c7da3ef2da289c 2519 net optional 389-ds-base_1.3.5.15-2.dsc b54b7442a6c8991c1c72595d68ea7744 22984 net optional 389-ds-base_1.3.5.15-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYinH1AAoJEMtwMWWoiYTcKgsQAIZ+gc+3vcsa8mQ0CFW60X4/ /QEObk9uRKCVFB3lehUIz2zEQvZWXJdGN+4GGVlmb1MdtTmA4pkCrt+6t5+83ED9 pux8/Acp6JUjXCb5n52YtduV7O2nMn3cWmkUrdMZySswHGQRSIHWJIe9ImfDXGwm dhNxKRHK7B409U0MILiZWe730EBWBhF7BRnSsQ+Jy3IUMJ9b0ZX/zuuSG2CBCYxi mXl25E4x/c+wsoQ10p3aDGLkUz9AhnyZB5F0xDOB/+ECgIGd8iyK+wWKbeLzm28A Mk3bN3XJ+3Un0Y4bgm+T+XVmrQFlvKjndMstmACR+SwKLDllxUNkrfMI3DofwrwY hh6Kkhh8aE+xfpq/HOB7Ys2zLOpcvilB7v/qf0/rSlV1MF6wPzjK5MHaVAcWwnO9 in9pSk7J/1ZYlfP6zz06rNPiy0f5DJnXQUlZ29tEKE3FKATaK90pQ7500Ko4xq4a lqXR2kdO1chz7CahkIJpve6PWOH9CVh6BSgAQ5JcVNkdmDjg0ZvhnXlbd6DEJgdr YvianKN9tdtQeq2VVlUYTe6qKLKcNTjqgHR7pvSXl7mLCtT9ZZTgf0rU4vmJKCY2 BUvnkI4AR3lPcTFzcvWmPW2YvDeGD8OujPrxbze2KqgAzjYMj+VL8fz+jnvLhTgG K8nORbZM6uLpb3lUfcPl =m0+y -----END PGP SIGNATURE-----
--- End Message ---
