Your message dated Wed, 10 Oct 2018 22:19:05 +0000 with message-id <e1gamor-000asu...@fasolo.debian.org> and subject line Bug#908859: fixed in 389-ds-base 1.4.0.18-1 has caused the Debian Bug report #908859, regarding 389-ds-base: CVE-2018-14638 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 908859: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908859 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: 389-ds-base Version: 1.4.0.15-1 Severity: grave Tags: security Control: found -1 1.3.8.2-1 Hi, The following vulnerability was published for 389-ds-base. CVE-2018-14638[0]: | A flaw was found in 389-ds-base before version 1.3.8.4-13. The process | ns-slapd crashes in delete_passwdPolicy function when persistent | search connections are terminated unexpectedly leading to remote | denial of service. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-14638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14638 [1] https://pagure.io/389-ds-base/c/78fc627accacfa4061ce48977e22301f81ea8d73 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: 389-ds-base Source-Version: 1.4.0.18-1 We believe that the bug you reported is fixed in the latest version of 389-ds-base, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 908...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 11 Oct 2018 00:56:02 +0300 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base python3-lib389 python3-dirsrvtests cockpit-389-ds Architecture: source Version: 1.4.0.18-1 Distribution: unstable Urgency: medium Maintainer: Debian FreeIPA Team <pkg-freeipa-de...@alioth-lists.debian.net> Changed-By: Timo Aaltonen <tjaal...@debian.org> Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries cockpit-389-ds - Cockpit user interface for 389 Directory Server python3-dirsrvtests - Python3 module for 389 Directory Server Continuous Integration te python3-lib389 - Python3 module for accessing and configuring the 389 Directory Se Closes: 907778 908859 910761 Changes: 389-ds-base (1.4.0.18-1) unstable; urgency=medium . * New upstream release. - CVE-2018-14624 (Closes: #907778) - CVE-2018-14638 (Closes: #908859) * control: Build on any arch again. * perl-use-move-instead-of-rename.diff: Use copy instead of move, except when restoring files in case of an error. * Move the new utils (dsconf, dscreate, dsctl, dsidm) to python3- lib389. * control: Add python3-argcomplete to python3-lib389 depends. (Closes: #910761) Checksums-Sha1: 92f367a4785bb49dc2ed62e33eda2659a2a4967f 2709 389-ds-base_1.4.0.18-1.dsc 2c7c22928c73631a59c38fe832c03c1cbfa6c22f 5678130 389-ds-base_1.4.0.18.orig.tar.bz2 cd093c715ad62e5c393590110edd5d244eb88835 444480 389-ds-base_1.4.0.18-1.debian.tar.xz c89d8a9b7fd38d8499dcf181701035cf3deba281 7716 389-ds-base_1.4.0.18-1_source.buildinfo Checksums-Sha256: af5ecd9264cbae4c4326e7c8af1c96e6f29fde293df85cb074403978fcb1c04f 2709 389-ds-base_1.4.0.18-1.dsc c53d77f287ecfb0dc08858a86fc3c5dfe70ebc311fc28adfba71e2a38147a0b4 5678130 389-ds-base_1.4.0.18.orig.tar.bz2 5f16211cff6c16649d5e7f2abad2bc8dc27214bbd05f30d6f3f0ab4de9df7228 444480 389-ds-base_1.4.0.18-1.debian.tar.xz 78cd2b29ab9961e4dab24f0c0bb94919bb6df52a3ed2c076f5f8f6fb1c7c7810 7716 389-ds-base_1.4.0.18-1_source.buildinfo Files: c294806d543202b53478e949e638ae1b 2709 net optional 389-ds-base_1.4.0.18-1.dsc 8fdd3dc701047b0a2c7741a67fae4e54 5678130 net optional 389-ds-base_1.4.0.18.orig.tar.bz2 47c65b7549f230b0afa0248f49a49c08 444480 net optional 389-ds-base_1.4.0.18-1.debian.tar.xz bb975e07e5e57ac14a4948aad5f48404 7716 net optional 389-ds-base_1.4.0.18-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEdS3ifE3rFwGbS2Yjy3AxZaiJhNwFAlu+dYgACgkQy3AxZaiJ hNyj+g/9GVujoozIhNwk1xak5q4S3NOFrvWKepzStVSfbuLDu3l9W7pOLBgLFjo9 xsoffR9JbPfZmrXKn7kN12YNS+hXQyCjMgQetsI5hWWE7ZLdO34FLhKfpOn7D879 pANPFbvnTI8PtACv8mKFIntdCd7DWCgc8Vpb/yQB4dg4I8KhB/3g2O9R/2pN23sF cAxF3/OINQL01W3RVphPsdUdTSwcSmaow5SITO2zOvSVQIV7f1cXCO736h0/zzcC 9eBi8K4akiLIqCbLeOTd9aT6HqlApO89eJWnmCXaOnMUuUrTLJuTV/pbd/x4QtBA iji6tKxezjbZGZTsjsNd6h8WtZse59DhjbP9IadUszBbyYQK+rjIoCh+OgignU81 c6EipSmL1W4F1wYhkRTeBDlP2yQ7K7DH9Y3O0jFPWqVXG0rpa1xucrqxxEuacVZG 3db5ju9DnH+BPTXR0fEI/w/jpETYBxnw4uOukVTbmmiTO1hbc4PSTMPiyjVtcN0L fpBLZzxNIy9o9pRfED8zPRiZn2jGEBcjqrkcpu80lPRONWB+PLL7EMK4qxkpFvP0 +jIYCzR4XHqowNVrGCDEtaFoPhskvrW8HD0lNPXfUAGBes29LN5HRik0EloSKQCq yTzLqKFUKBeuRYf6E5XDUS3ug2xqJxeMMjNalZqHsifD60k9zqQ= =iH6u -----END PGP SIGNATURE-----
--- End Message ---
