[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Changed in: openldap2.2 (Ubuntu Dapper) Status: In Progress = Fix Committed ** Changed in: openldap2.2 (Ubuntu Edgy) Status: In Progress = Fix Committed ** Changed in: openldap2.2 (Ubuntu Feisty) Status: In Progress = Fix Committed ** Changed in: openldap2.2 (Ubuntu Gutsy) Status: In Progress = Fix Committed -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
http://www.ubuntu.com/usn/usn-584-1 ** Changed in: openldap2.2 (Ubuntu Dapper) Status: Fix Committed = Fix Released ** Changed in: openldap2.2 (Ubuntu Edgy) Status: Fix Committed = Fix Released ** Changed in: openldap2.2 (Ubuntu Feisty) Status: Fix Committed = Fix Released ** Changed in: openldap2.2 (Ubuntu Gutsy) Status: Fix Committed = Fix Released -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
openldap2.3 (2.4.7-6ubuntu1) hardy; urgency=low * Merge from Debian unstable, remaining changes: + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 allows remote authenticated users to cause a denial of service (daemon crash) via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related issue to CVE-2007-6698. + debian/apparmor-profile: add AppArmor profile + debian/slapd.postinst: Reload AA profile on configuration + updated debian/slapd.README.Debian for note on AppArmor + debian/control: Replaces apparmor-profiles 2.1+1075-0ubuntu4 as we should now take control + debian/control: Conflicts with apparmor-profiles 2.1+1075-0ubuntu4 to make sure that if earlier version of apparmor-profiles gets installed it won't overwrite our profile + Modify Maintainer value to match the DebianMaintainerField specification. -- Steve Langasek [EMAIL PROTECTED] Tue, 04 Mar 2008 01:59:51 + ** Changed in: openldap2.2 (Ubuntu) Status: In Progress = Fix Released -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Changed in: openldap2.2 (Ubuntu Dapper) Status: New = In Progress ** Changed in: openldap2.2 (Ubuntu Edgy) Status: New = In Progress -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
Taking for sponsoring, thanks Emanuele! ** Changed in: openldap2.2 (Ubuntu) Assignee: (unassigned) = Martin Pitt (pitti) -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Changed in: openldap2.2 (Ubuntu Gutsy) Importance: Undecided = Medium Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In Progress ** Changed in: openldap2.2 (Ubuntu Feisty) Importance: Undecided = Medium Assignee: (unassigned) = Emanuele Gentili (emgent) Status: New = In Progress -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Attachment added: feisty_openldap2.3_2.3.30-2ubuntu0.2.debdiff http://launchpadlibrarian.net/12361728/feisty_openldap2.3_2.3.30-2ubuntu0.2.debdiff -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Changed in: openldap2.2 (Ubuntu Dapper) Assignee: (unassigned) = Jamie Strandboge (jamie-strandboge) ** Changed in: openldap2.2 (Ubuntu Edgy) Assignee: (unassigned) = Jamie Strandboge (jamie-strandboge) -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2007-6698 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-0658 -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
CVE-2007-6698 seems already fixed in gutsy. -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
+openldap2.3 (2.3.35-1ubuntu0.2) gutsy-security; urgency=low + + * SECURITY UPDATE: + + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077) + slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39 + allows remote authenticated users to cause a denial of service (daemon crash) + via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related + issue to CVE-2007-6698. + + * References + - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658 + - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358 + + -- Emanuele Gentili [EMAIL PROTECTED] Sun, 02 Mar 2008 15:20:13 +0100 ** Attachment added: gutsy_openldap2.3_2.3.35-1ubuntu0.2.debdiff http://launchpadlibrarian.net/12351701/gutsy_openldap2.3_2.3.35-1ubuntu0.2.debdiff -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
I didn't find any reference to CVE-2007-6698 in gutsy. Is this also going into dapper LTS? -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
For gutsy, CVE-2007-6698 was patched. in dapper i will see. http://www.openldap.org/lists/openldap-bugs/200704/msg00067.html -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Attachment added: hardy_openldap2.3_2.4.7-5ubuntu2.debdiff http://launchpadlibrarian.net/12352396/hardy_openldap2.3_2.4.7-5ubuntu2.debdiff -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Changed in: openldap2.2 (Ubuntu) Importance: Undecided = Medium Status: New = In Progress -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
feisty = are vulnerable to CVE 2007-6698 and CVE 2008-0658, i will release all fix. Thanks for your help xormar. -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 197077] Re: 6.06 LTS: CVE-2007-6698, CVE-2008-0658
** Visibility changed to: Public -- 6.06 LTS: CVE-2007-6698, CVE-2008-0658 https://bugs.launchpad.net/bugs/197077 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs