Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name
Hi,

Quanah Gibson-Mount wrote:
> Also, if Debian's still supporting anything based on OL 2.3, I have a clean patch for this issue for it as well.

Could you send the patch for OL 2.3 please?

Thanks in advance,
Giuseppe

Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name
--On Tuesday, November 10, 2009 6:58 PM +0100 Giuseppe Iuculano iucul...@debian.org wrote:

> Hi,
>
> Quanah Gibson-Mount wrote:
>> Also, if Debian's still supporting anything based on OL 2.3, I have a clean patch for this issue for it as well.
>
> Could you send the patch for OL 2.3 please?

Sent it this morning already. :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra :: the leader in open source messaging and collaboration

--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#553432: [Pkg-openldap-devel] Bug#553432: Bug#553432: CVE-2009-3767: Doesn't properly handle NULL character in subject Common Name
--On Saturday, October 31, 2009 8:47 AM -0700 Quanah Gibson-Mount qua...@zimbra.com wrote:

--On Saturday, October 31, 2009 10:57 AM +0100 Giuseppe Iuculano iucul...@debian.org wrote:

Package: openldap
Severity: grave
Tags: security patch

This was fixed in OpenLDAP 2.4.18 (Just to note).

Also, how easily someone can set up a rogue LDAP server masquerading as someone else's ldap server seems not particularly simple to do. I.e., this requires someone to set up an LDAP server with a bad cert, and then intercept someone else's ldap client traffic to that server.

Also, if Debian's still supporting anything based on OL 2.3, I have a clean patch for this issue for it as well.

--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc

Zimbra :: the leader in open source messaging and collaboration