Hi, an NMU with the following patch is sitting in DELAYED/7.
diff -u libnss-ldap-238/ldap-nss.c libnss-ldap-238/ldap-nss.c
--- libnss-ldap-238/ldap-nss.c
+++ libnss-ldap-238/ldap-nss.c
@@ -384,6 +384,37 @@
 timelimit = __session.ls_config->ldc_bind_timelimit;
+#ifdef HAVE_LDAP_START_TLS_S
+ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
+ {
+ int version;
+
+ if (ldap_get_option
+ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
+ &version) == LDAP_OPT_SUCCESS)
+ {
+ if (version < LDAP_VERSION3)
+ {
+ version = LDAP_VERSION3;
+ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
+ &version);
+ }
+ }
+
+ debug ("==> start_tls");
+ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
+ {
+ debug ("TLS startup succeeded");
+ }
+ else
+ {
+ debug ("TLS startup failed");
+ return NSS_UNAVAIL;
+ }
+ debug ("<== start_tls");
+ }
+#endif /* HAVE_LDAP_START_TLS_S */
+
 return do_bind (ld, timelimit, who, cred, with_sasl);
 }
 #else
diff -u libnss-ldap-238/debian/changelog libnss-ldap-238/debian/changelog
--- libnss-ldap-238/debian/changelog
+++ libnss-ldap-238/debian/changelog
@@ -1,3 +1,11 @@
+libnss-ldap (238-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Prevent potential information diclosure on TLS encrypted
+ referred connections (CAN-2005-2069), Closes: #316973
+
+ -- Moritz Muehlenhoff <[EMAIL PROTECTED]> Wed, 14 Sep 2005 23:56:18 +0200
+
 libnss-ldap (238-1) unstable; urgency=low
 * New upstream version, Closes: #292538
Christoph -- [EMAIL PROTECTED] | http://www.df7cb.de/
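Review bot: The added block negotiates TLS on `__session.ls_conn`, but the credentials are then sent by `do_bind (ld, timelimit, who, cred, with_sasl)` on `ld`; if those two handles can differ here (the function's signature lies outside the hunk), the bind would still travel unencrypted, which is the disclosure this upload is meant to close. Using one handle throughout, e.g. `if (ldap_start_tls_s (ld, NULL, NULL) == LDAP_SUCCESS)` and the same in the `ldap_get_option`/`ldap_set_option` calls, or a comment stating why the two are always identical, would make that verifiable. The failure path also returns `NSS_UNAVAIL` where the normal exit returns whatever `do_bind` yields, and it discards the `ldap_start_tls_s` result; keeping that result in a local `rc`, including it in the `debug ("TLS startup failed")` message and returning `rc` would keep a single code space and leave a trace when a referred server refuses TLS.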