Your message dated Mon, 05 Apr 2021 13:32:14 +0000
with message-id <e1ltpkw-0000w7...@fasolo.debian.org>
and subject line Bug#985936: fixed in ldb 2:1.5.1+really1.4.6-3+deb10u1
has caused the Debian Bug report #985936,
regarding ldb: CVE-2020-27840
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
985936: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ldb
Version: 2:2.2.0-3
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://bugzilla.samba.org/show_bug.cgi?id=14595
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for ldb.

CVE-2020-27840[0]:
| Heap corruption via crafted DN strings

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-27840
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840
[1] https://bugzilla.samba.org/show_bug.cgi?id=14595
[2] https://www.samba.org/samba/security/CVE-2020-27840.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: ldb
Source-Version: 2:1.5.1+really1.4.6-3+deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
ldb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 985...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ldb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 28 Mar 2021 10:35:25 +0200
Source: ldb
Architecture: source
Version: 2:1.5.1+really1.4.6-3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Samba Maintainers <pkg-samba-ma...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 985935 985936
Changes:
 ldb (2:1.5.1+really1.4.6-3+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * lib ldb: Check if ldb_lock_backend_callback called twice (CVE-2020-10730)
   * ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840)
     (Closes: #985936)
   * ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277)
     (Closes: #985935)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
