[Bug 1103353] Re: Invalid GnuTLS cipher suite strings causes libldap to crash
Jouko Orava
joorava at iki.fi
Sat Mar 21 00:20:58 UTC 2015
Well, considering that Ubuntu openldap maintainers consider e.g. CVE-2013-4449
(denial-of-service, 2.4.31 to 2.4.36 are vulnerable) not important enough to patch
or update to a later openldap version, I expect there to be zero chance of this bug
to be patched either. It seems that if it does not hurt the maintainers' systems,
it's not worth fixing.
The current Ubuntu version I am using right now, 14.04 LTS, is certainly the last
Ubuntu version I will be using. I am still evaluating the alternatives, but
definitely all Debian jessie derivatives are straight out.
I won't be monitoring this bug anymore, either.
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4449
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1103353
Title:
Invalid GnuTLS cipher suite strings causes libldap to crash
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions
More information about the Ubuntu-server-bugs
mailing list