Your message dated Sun, 28 Mar 2021 19:18:39 +0000 with message-id <e1lqavn-000fuw...@fasolo.debian.org> and subject line Bug#985935: fixed in ldb 2:2.2.0-3.1 has caused the Debian Bug report #985935, regarding ldb: CVE-2021-20277 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 985935: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985935 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ldb Version: 2:2.2.0-3 Severity: grave Tags: security upstream Justification: user security hole Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=14655 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Hi, The following vulnerability was published for ldb. CVE-2021-20277[0]: | Out of bounds read in AD DC LDAP server If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2021-20277 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277 [1] https://bugzilla.samba.org/show_bug.cgi?id=14655 [2] https://www.samba.org/samba/security/CVE-2021-20277.html Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: ldb Source-Version: 2:2.2.0-3.1 Done: Salvatore Bonaccorso <car...@debian.org> We believe that the bug you reported is fixed in the latest version of ldb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 985...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated ldb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Mar 2021 19:52:18 +0100 Source: ldb Architecture: source Version: 2:2.2.0-3.1 Distribution: unstable Urgency: medium Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 985935 985936 Changes: ldb (2:2.2.0-3.1) unstable; urgency=medium . * Non-maintainer upload. * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840) (Closes: #985936) * pytests: move Dn.validate test to ldb * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277) (Closes: #985935) * ldb: add tests for ldb_wildcard_compare * ldb tests: ldb_match tests with extra spaces * ldb: Remove tests from ldb_match_test that do not pass Checksums-Sha1: 28afad10d4c37680e514b35a0ee99953a1f80405 2601 ldb_2.2.0-3.1.dsc 47b6781531859e3e6d0ebefbff96a2e23b89efd7 25160 ldb_2.2.0-3.1.debian.tar.xz 921ba70219ee7c06dea446fe2530c66506393303 7126 ldb_2.2.0-3.1_source.buildinfo Checksums-Sha256: c84f8b97c8b7191670cfbf55bc0d09d383478f7db7377cccf85a5d6754a3c161 2601 ldb_2.2.0-3.1.dsc a110edc78bbbafbb04c3238ac7fa400a37c09012ca5ed727959f4c25c5fa24e0 25160 ldb_2.2.0-3.1.debian.tar.xz 4a593f6abe9feaca605026f0e00ce83b2d545251dd04c6640282ad916fea33f7 7126 ldb_2.2.0-3.1_source.buildinfo Files: 2dd4efd6256ddcc1a456647c287c7b2d 2601 devel optional ldb_2.2.0-3.1.dsc 9d32b8e2579e77f0a67f50a678c00d0e 25160 devel optional ldb_2.2.0-3.1.debian.tar.xz da72599af22757cf9cd872927f20f90b 7126 devel optional ldb_2.2.0-3.1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmBeLaRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EUtEP/2VWCOsSyz3cw4J98/ryc/8kYBFgSYvY 9L+qiDpkoE7MWY6vhMyNFbmFXwdkOskMS0SqHJFAONHbeTk2ApBZ9zIV/+wESdgp d+ID+vbS42jQOivBe4Aioqz9ZtZKuv2TLyBIirXwzyNL8qmprLSLnUrTh9FeYubC xrnwP3gxS6Yf8Bdlwuew71sUNSjbg0rcquq53I3BAXJP4X6/zRzqvTn2WdHJsfjf KavdXiSFggIwR0RDi4uL4MgTkxE8eJedxgHGPU71dVTdrJeDEd1Suq0LTDHU00Al ZgXsz0P3ZrsPqrAGmkaOxI1iLECsoiqP64Aw5rEA6R49vqeAeHR0C72bQokEYClJ v3y+B+3IxXIyYKioyx/P9vxPIERpm7KT36IYJSyYjKR4I2YXwXolMJ7gL7N6XQJZ Q9f6s24AOe/hTXptqc7FUETBTRodC1jRljfNSE6pUwBuUpeX3V35vYOj7O0KgEqE tfXjFdJ7RAoPWHary2c/Bf1LeWWWVP0ytmOqS9ZREk0+q2oLn0R8TGf1/hmKn/tS /oLLaKQz5CDafvq8SvC/eSWfT+2GljUijV3tqcMuIwpqVv9ZMGDKpS6ViKRQs3X8 nw3qPtx3Mzmwt7gqfEUk0MSpd1s4r1Rnd+9Ln02vhwWOG3L34btSvL6B9IUG+AN9 75JNKLqt/Kco =FUbj -----END PGP SIGNATURE-----
--- End Message ---
