Source: openldap Severity: important Tags: security Hi, CVE-2020-15719 was assigned to an issue in OpenLDAP found by Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
The underlying OpenLDAP bug is restricted, though: https://bugs.openldap.org/show_bug.cgi?id=9266 The patch applied by Red Hat is https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch bug given that 1740070 is restricted I'm not sure if it affects the Debian OpenLDAP packages or not (as we sue GNUTLS instead of OpenSSL) Cheers, Moritz