[Bug 191563] Re: [hardy] slapd CLEARTEXT password migration issue
Launchpad Bug Tracker
191563 at bugs.launchpad.net
Tue Mar 4 02:35:05 GMT 2008
This bug was fixed in the package openldap2.3 - 2.4.7-6ubuntu1
---------------
openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low

  * Merge from Debian unstable, remaining changes:
    + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
      slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
      allows remote authenticated users to cause a denial of service (daemon
      crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION)
      control, a related issue to CVE-2007-6698.
    + debian/apparmor-profile: add AppArmor profile
    + debian/slapd.postinst: Reload AA profile on configuration
    + updated debian/slapd.README.Debian for note on AppArmor
    + debian/control: Replaces apparmor-profiles << 2.1+1075-0ubuntu4 as we
      should now take control
    + debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmor-profiles gets
      installed it won't overwrite our profile
    + Modify Maintainer value to match the DebianMaintainerField
      specification.

openldap2.3 (2.4.7-6) unstable; urgency=low

  [ Updated debconf translations ]
  * Dutch, thanks to Bart Cornelis <cobaco at skolelinux.no>. Closes: #452950.
  * Brazilian Portuguese, thanks to Eder L. Marques <frolic at debian-ce.org>.
    Closes: #463460.
  * German, thanks to Helge Kreutzmann <debian at helgefjell.de>.
    Closes: #465784.

  [ Steve Langasek ]
  * Relax build-dependency on libsasl2-dev now that the versioned dependency
    is satisfied by all extant versions (including in oldstable), fixing a
    lintian warning about versioned build-deps on Debian revisions.
  * Avoid using a mutex around getaddrinfo() and getnameinfo() calls, which
    are guaranteed by glibc to be threadsafe; this fixes a deadlock when
    using nss_ldap for host lookups. Closes: #340601.
  * debian/libldap2-dev.manpages: install all of man3/* instead of
    enumerating specific manpages to install. Closes: #320073.
  * Add new patch, sasl-cleartext-strncasecmp, to correct a regression that
    prevented the use of the {CLEARTEXT} password scheme with SASL.
    Closes LP: #191563.
  * drop LGPL from debian/copyright; there is no longer any code under this
    license in the package.
  * Drop patch gnutls-altname-nulterminated; it's been determined that the
    "length" discrepancy was a bug in gnutls, and fixed in that package.
  * debian/configure.options: explicitly pass --with-odbc=unixodbc, so
    that we depend on the right ODBC implementation when both happen to
    be installed at build time.

  [ Russ Allbery ]
  * Add a stamp file for the configure rule to avoid rerunning configure
    needlessly. Closes: #465588.
  * Don't create the openldap user if slapd has been configured to run as
    a different user. If slapd has been configured to run as openldap, do
    create the user on reconfigure. Closes: #452438.
  * Reformat, reorganize, and update slapd's README.Debian.
    - Include SASL configuration information.
    - Remove LDBM information, since upstream no longer even ships LDBM
      and the debconf prompting and maintainer scripts already take care
      of any lingering databases.
    - Document the differences between the Debian OpenLDAP packages and
      upstream.

 -- Steve Langasek <steve.langasek at ubuntu.com>  Tue, 04 Mar 2008 01:59:51 +0000

** Changed in: openldap2.3 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6698
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
--
[hardy] slapd CLEARTEXT password migration issue
https://bugs.launchpad.net/bugs/191563
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap2.3 in ubuntu.