Your message dated Tue, 13 Mar 2018 10:05:09 +0000
with message-id <e1evgnt-000aky...@fasolo.debian.org>
and subject line Bug#892124: fixed in 389-ds-base 1.3.7.10-1
has caused the Debian Bug report #892124,
regarding 389-ds-base: CVE-2018-1054: remote Denial of Service (DoS) via search
filters in SetUnicodeStringFromUTF_8 in collate.c
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
892124: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: 389-ds-base
Version: 1.3.7.9-1
Severity: grave
Tags: security upstream
Forwarded: https://pagure.io/389-ds-base/issue/49545
Hi,
the following vulnerability was published for 389-ds-base.
CVE-2018-1054[0]:
|remote Denial of Service (DoS) via search filters in
|SetUnicodeStringFromUTF_8 in collate.c
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1054
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1537314
[2] https://pagure.io/389-ds-base/issue/49545
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: 389-ds-base
Source-Version: 1.3.7.10-1
We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Mar 2018 11:32:29 +0200
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base python3-lib389 python3-dirsrvtests
Architecture: source
Version: 1.3.7.10-1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-de...@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Description:
389-ds - 389 Directory Server suite - metapackage
389-ds-base - 389 Directory Server suite - server
389-ds-base-dev - 389 Directory Server suite - development files
389-ds-base-libs - 389 Directory Server suite - libraries
python3-dirsrvtests - Python3 module for 389 Directory Server Continuous Integration te
python3-lib389 - Python3 module for accessing and configuring the 389 Directory Se
Closes: 892124
Changes:
389-ds-base (1.3.7.10-1) unstable; urgency=medium
.
* New upstream release.
- fix CVE-2018-1054 (Closes: #892124)
* control: Update maintainer address, freeipa-team handles this from
now on. Drop kklimonda from uploaders.
* control: Update VCS urls.
--- End Message ---