Your message dated Tue, 22 Aug 2017 13:49:20 +0000 with message-id <e1dk9yw-000efa...@fasolo.debian.org> and subject line Bug#870752: fixed in 389-ds-base 1.3.6.7-1 has caused the Debian Bug report #870752, regarding 389-ds-base: CVE-2017-7551: Locked account provides different return code if password is correct to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 870752: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870752 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: 389-ds-base Version: 1.3.5.17-2 Severity: grave Tags: upstream patch security Forwarded: https://pagure.io/389-ds-base/issue/49336 Control: found -1 1.3.6.5-1 Hi, the following vulnerability was published for 389-ds-base. CVE-2017-7551[0]: Password brute-force possible for locked account due to different return codes If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-7551 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7551 [1] https://pagure.io/389-ds-base/issue/49336 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: 389-ds-base Source-Version: 1.3.6.7-1 We believe that the bug you reported is fixed in the latest version of 389-ds-base, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 870...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Timo Aaltonen <tjaal...@debian.org> (supplier of updated 389-ds-base package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 22 Aug 2017 16:30:11 +0300 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-dev 389-ds-base Architecture: source Version: 1.3.6.7-1 Distribution: unstable Urgency: medium Maintainer: Debian 389ds Team <pkg-fedora-ds-maintain...@lists.alioth.debian.org> Changed-By: Timo Aaltonen <tjaal...@debian.org> Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries Closes: 870752 Changes: 389-ds-base (1.3.6.7-1) unstable; urgency=medium . * New upstream release - fix CVE-2017-7551 (Closes: #870752) * fix-tests.diff: Dropped, fixed upstream. Checksums-Sha1: 21adaa56099f562a74644a0e8da4ea38875a3652 2550 389-ds-base_1.3.6.7-1.dsc ab573e5bb83d5752867e7be0e8fea6de1629aba2 3439437 389-ds-base_1.3.6.7.orig.tar.bz2 97fceb0ae900a6aef2e5acc0744ec12094c3a30c 19944 389-ds-base_1.3.6.7-1.debian.tar.xz Checksums-Sha256: 4b0c85f9f18375fe285b4138e91fefa2ac884e1d83845f90c52a841b156adc62 2550 389-ds-base_1.3.6.7-1.dsc d6a8a4dbe1ebd30eff2ad20f550fe2e1b2673ca632cbfbee46baaff2671062db 3439437 389-ds-base_1.3.6.7.orig.tar.bz2 e5009f0a79833655552721c5d4be0915294c1a1a0817c8600b12551c9b180c85 19944 389-ds-base_1.3.6.7-1.debian.tar.xz Files: a9e4368e3fd974036ce2e23d87df18da 2550 net optional 389-ds-base_1.3.6.7-1.dsc 90b639fff61a084308d6b5dcdb70636b 3439437 net optional 389-ds-base_1.3.6.7.orig.tar.bz2 ca992c4ebad9d68afbfbc997a4898e0d 19944 net optional 389-ds-base_1.3.6.7-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJZnDH3AAoJEMtwMWWoiYTccTQP/2mvXFjLt0IaKTgsfOOwyY6+ H1uSukO9PeAts+zuRFNozWEJMka99dBBk8mUPV8fwm1+ovyAbGUqyaIsz2IMFzqM biicKjHUQHp0FkYl/tp16ocPo/v2JD1f/lwtrbMk7k/6mTpG+oca8XguedJQWFDV XAocOnXsHVJ2OTGoCArQFjNk65V265Jekmtqnh2hDP8pULG+HFKk+BmoFcSPktLf X7kpJZ85YqwmgSJHktkAirFwMym+w+sdfXRC1AQgvH0OHHPD+GPkff87yOndhGgd oUv493ZlLVD0JDHOPwuLSeJISZEjtFWOQ+OV+19TiTZy+yThj/9y3DaxmctG2WEz hzJ2AuJy7hwZqU1XZu3efDZrLTQyiCSyMMApp8FvQjWNrKO3Dl9Wfh9XG++ymQKq XJyyLClWPin5x4SUfCSJWZd5yY/AhRZ+nSWRZVNCYpy80svhHHpWzAd1NviCY3UY sKI06677EiKAbRAWEnWzC5rlmeMlwwvpph0Z90CKKRCVM/X6uJbTAQ1V73K5Hl9D iL6TB3jm5NQbPKsNmT2SDgykZG3dxXjN02OKWobfdzo9//sxKaQWt/bbo6HSwb5L cEEj8dtZuURFMwTYcsh7kS+lPZuGTNLbxka8+bsTFYuW+20qhm+aLU2xJGkZDvpb 09f8P6o0OAhWb9a1T4qo =w7Iz -----END PGP SIGNATURE-----
--- End Message ---
