On Tue, 3 Feb 2015 12:38:39 -0800 Ryan Tandy <r...@nardis.ca> wrote: > Bill MacAllister discovered that certain queries cause slapd to crash > while freeing operation controls. Details to follow.
I've some problems in understanding this comment from upstream bug report: > The system exhibiting this problem was running a beta release of > 2.4.40. When I installed from a build of the current stable the > problem disappeared. Apologies for the bother, I didn't realize > the system had not been updated. > > I think that documenting the query would be useful anyway, but I > want to hold off on that because I know the problem exists in the > build that is in debian backports. I would like to give Ryan a > chance to fix it before I publish it. I was able to reproduce the > problem with ldapsearch and it is a trival and very effective > denial of service attack. Is it something that we introduced with our patching? Where did he get a beta release of 2.4.40? Does "a build of current stable" mean 2.4.31-1+nmu2 from wheezy or some upstream version he built? In the last paragraph, is he implying that he is unable to reproduce the bug with vanilla openldap? Cheers, Luca -- .''`. | ~<[ Luca BRUNO ~ (kaeso) ]>~ : :' : | Email: lucab (AT) debian.org ~ Debian Developer `. `'` | GPG Key ID: 0x3BFB9FB3 ~ Free Software supporter `- | HAM-radio callsign: IZ1WGT ~ Networking sorcerer -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org