Hi,

an NMU with the following patch is sitting in DELAYED/7.

diff -u libnss-ldap-238/ldap-nss.c libnss-ldap-238/ldap-nss.c
--- libnss-ldap-238/ldap-nss.c
+++ libnss-ldap-238/ldap-nss.c
@@ -384,6 +384,37 @@
 
   timelimit = __session.ls_config->ldc_bind_timelimit;
 
+#ifdef HAVE_LDAP_START_TLS_S
+  if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
+    {
+      int version;
+
+      if (ldap_get_option
+         (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
+          &version) == LDAP_OPT_SUCCESS)
+       {
+         if (version < LDAP_VERSION3)
+           {
+             version = LDAP_VERSION3;
+             ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
+                              &version);
+           }
+       }
+
+      debug ("==> start_tls");
+      if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
+       {
+         debug ("TLS startup succeeded");
+       }
+      else
+       {
+         debug ("TLS startup failed");
+         return NSS_UNAVAIL;
+       }
+      debug ("<== start_tls");
+    }
+#endif /* HAVE_LDAP_START_TLS_S */
+
   return do_bind (ld, timelimit, who, cred, with_sasl);
 }
 #else
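Review bot: The result of ldap_set_option at lines 24-25 is discarded, so a failed switch to LDAPv3 is never diagnosed before ldap_start_tls_s is attempted; StartTLS needs protocol version 3, so that call would then fail and the function returns NSS_UNAVAIL, which is fail-closed but hides the real cause. Checking it keeps the fail-closed behaviour while making the reason visible: `if (ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_OPT_SUCCESS) { debug ("could not force LDAPv3 for StartTLS"); return NSS_UNAVAIL; }`. The failure branch at line 36 likewise drops the ldap_start_tls_s return code; storing it in a local `rc` and logging `ldap_err2string (rc)` would name the TLS error (assuming debug accepts printf-style arguments in this file), and the "<== start_tls" trace at line 39 is skipped on that path, which makes the debug output asymmetric. The enclosing function begins before the hunk, so whether a failed StartTLS should also unbind or invalidate __session.ls_conn before returning cannot be judged from here.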
diff -u libnss-ldap-238/debian/changelog libnss-ldap-238/debian/changelog
--- libnss-ldap-238/debian/changelog
+++ libnss-ldap-238/debian/changelog
@@ -1,3 +1,11 @@
+libnss-ldap (238-1.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Prevent potential information diclosure on TLS encrypted
+    referred connections (CAN-2005-2069), Closes: #316973
+
+ -- Moritz Muehlenhoff <[EMAIL PROTECTED]>  Wed, 14 Sep 2005 23:56:18 +0200
+
 libnss-ldap (238-1) unstable; urgency=low
 
   * New upstream version, Closes: #292538

Christoph
-- 
[EMAIL PROTECTED] | http://www.df7cb.de/

Attachment: signature.asc
Description: Digital signature
