Your message dated Wed, 28 Sep 2022 20:41:43 +0000
with message-id <e1oddsf-00c2av...@fasolo.debian.org>
and subject line Bug#1016445: fixed in 389-ds-base 2.0.15-1.1
has caused the Debian Bug report #1016445,
regarding 389-ds-base: CVE-2022-0918
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1016445: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016445
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: 389-ds-base
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for 389-ds-base.

CVE-2022-0918[0]:
| A vulnerability was discovered in the 389 Directory Server that allows
| an unauthenticated attacker with network access to the LDAP port to
| cause a denial of service. The denial of service is triggered by a
| single message sent over a TCP connection, no bind or other
| authentication is required. The message triggers a segmentation fault
| that results in slapd crashing.

https://bugzilla.redhat.com/show_bug.cgi?id=2055815
https://github.com/389ds/389-ds-base/issues/5242
https://github.com/389ds/389-ds-base/commit/caad47ab207d7c5d61521ec4d33091db559c315a (master)
https://github.com/389ds/389-ds-base/commit/f46ab49c9f06b503f5ec8147f2c01dcacdb6a375 (389-ds-base-2.0.16)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-0918
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0918

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: 389-ds-base
Source-Version: 2.0.15-1.1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 13 Sep 2022 22:10:45 +0300
Source: 389-ds-base
Architecture: source
Version: 2.0.15-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-de...@alioth-lists.debian.net>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1016445
Changes:
 389-ds-base (2.0.15-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2022-0918: unauthenticated attacker with network access to
     the LDAP port could cause a denial of service (Closes: #1016445)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
