Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name

2009-11-10 Thread Giuseppe Iuculano
Hi,

Quanah Gibson-Mount wrote:
> Also, if Debian's still supporting anything based on OL 2.3, I have a clean
> patch for this issue for it as well.

Could you send the patch for OL 2.3 please?

Thanks in advance,
Giuseppe





Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name

2009-11-10 Thread Quanah Gibson-Mount
--On Tuesday, November 10, 2009 6:58 PM +0100 Giuseppe Iuculano
iucul...@debian.org wrote:

> Hi,
>
> Quanah Gibson-Mount wrote:
>> Also, if Debian's still supporting anything based on OL 2.3, I have a
>> clean patch for this issue for it as well.
>
> Could you send the patch for OL 2.3 please?


Sent it this morning already. :)

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name

2009-10-31 Thread Quanah Gibson-Mount
--On Saturday, October 31, 2009 8:47 AM -0700 Quanah Gibson-Mount 
qua...@zimbra.com wrote:



--On Saturday, October 31, 2009 10:57 AM +0100 Giuseppe Iuculano
iucul...@debian.org wrote:


Package: openldap
Severity: grave
Tags: security patch


This was fixed in OpenLDAP 2.4.18 (Just to note).

Also, how easily someone can set up a rogue LDAP server masquerading as
someone else's ldap server seems not particularly simple to do.  I.e.,
this requires someone to set up an LDAP server with a bad cert, and then
intercept someone else's ldap client traffic to that server.


Also, if Debian's still supporting anything based on OL 2.3, I have a clean 
patch for this issue for it as well.


--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra ::  the leader in open source messaging and collaboration


