Your message dated Thu, 25 Jul 2019 20:46:24 +0000
with message-id <[email protected]>
and subject line Bug#932998: fixed in openldap 2.4.48+dfsg-1
has caused the Debian Bug report #932998,
regarding openldap: CVE-2019-13565
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
932998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932998
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openldap
Version: 2.4.47+dfsg-3
Severity: important
Tags: security upstream
Forwarded: https://openldap.org/its/?findid=9052

Hi,

The following vulnerability was published for openldap, filing for
tracking.

CVE-2019-13565[0]:
|openldap: ACL protections get lost if same identity uses different SSF
|levels

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-13565
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13565
[1] https://openldap.org/its/?findid=9052

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: openldap
Source-Version: 2.4.48+dfsg-1

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ryan Tandy <[email protected]> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 25 Jul 2019 08:32:00 -0700
Source: openldap
Architecture: source
Version: 2.4.48+dfsg-1
Distribution: sid
Urgency: medium
Maintainer: Debian OpenLDAP Maintainers <[email protected]>
Changed-By: Ryan Tandy <[email protected]>
Closes: 880656 926657 932270 932997 932998
Changes:
 openldap (2.4.48+dfsg-1) unstable; urgency=medium
 .
   * New upstream release.
     - fixed slapd to restrict rootDN proxyauthz to its own databases
       (CVE-2019-13057) (ITS#9038) (Closes: #932997)
     - fixed slapd to enforce sasl_ssf ACL statement on every connection
       (CVE-2019-13565) (ITS#9052) (Closes: #932998)
     - added new openldap.h header with OpenLDAP specific libldap interfaces
       (ITS#8671)
     - updated lastbind overlay to support forwarding authTimestamp updates
       (ITS#7721) (Closes: #880656)
   * Update Standards-Version to 4.4.0.
   * Add a systemd drop-in to set RemainAfterExit=no on the slapd service, so
     that systemd marks the service as dead after it crashes or is killed.
     Thanks to Heitor Alves de Siqueira. (Closes: #926657, LP: #1821343)
   * Use more entropy for generating a random admin password, if none was set
     during initial configuration. Thanks to Judicael Courant.
     (Closes: #932270)
   * Replace debian/rules calls to dpkg-architecture and dpkg-parsechangelog
     with variables provided by dpkg-dev includes.
   * Declare R³: no.
   * Create a simple autopkgtest that tests installing slapd and connecting to
     it with an ldap tool.
   * Install the new openldap.h header in libldap2-dev.

--- End Message ---
