Your message dated Tue, 26 Nov 2019 22:19:29 +0000
with message-id <e1izjbb-0008n4...@fasolo.debian.org>
and subject line Bug#944150: fixed in 389-ds-base 1.4.2.4-1
has caused the Debian Bug report #944150,
regarding 389-ds-base: CVE-2019-14824: Read permission check bypass via the
deref plugin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
944150: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944150
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: 389-ds-base
Version: 1.4.1.6-4
Severity: grave
Tags: security upstream
Hi,

The following vulnerability was published for 389-ds-base.

CVE-2019-14824[0]:
Read permission check bypass via the deref plugin

Note that [1] gives [2] as external reference, but there I get a 404
page not found. Not sure if the issue is marked private or the
reference is wrong.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14824
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14824
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1747448
[2] https://pagure.io/freeipa/issue/8050

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: 389-ds-base
Source-Version: 1.4.2.4-1

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 944...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 27 Nov 2019 00:00:59 +0200
Source: 389-ds-base
Architecture: source
Version: 1.4.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-de...@alioth-lists.debian.net>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Closes: 944150
Changes:
 389-ds-base (1.4.2.4-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2019-14824 deref plugin displays restricted attributes
       (Closes: #944150)
   * fix-obsolete-target.diff: Dropped, obsolete
     drop-old-man.diff: Refreshed
   * control: Add python3-packaging to build-depends and python3-lib389 depends.
   * dev,libs.install: Nunc-stans got dropped.
   * source/local-options: Add some files to diff-ignore.
   * rules: Refresh list of files to purge.
   * rules: Update dh_auto_clean override.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---