** Changed in: openldap (Debian)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1557248
Title:
OpenLDAP: Backport a fix for
** Changed in: openldap (Debian)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1557248
Title:
OpenLDAP: Backport a fix for
This bug was fixed in the package openldap - 2.4.41+dfsg-1ubuntu2.1
---
openldap (2.4.41+dfsg-1ubuntu2.1) wily; urgency=medium
* Fix use after free with GnuTLS. (LP: #1557248)
-- Maciej Puzio Wed, 23 Mar 2016 13:42:50
-0500
** Changed in: openldap
This bug was fixed in the package openldap - 2.4.42+dfsg-2ubuntu3.1
---
openldap (2.4.42+dfsg-2ubuntu3.1) xenial; urgency=medium
* Fix use after free with GnuTLS. (LP: #1557248)
-- Maciej Puzio Fri, 25 Mar 2016 15:24:25
-0500
** Changed in: openldap
I can confirm that the following packages from xenial-proposed fix the bug:
slapd 2.4.42+dfsg-2ubuntu3.1
libldap-2.4-2 2.4.42+dfsg-2ubuntu3.1
ldap-utils 2.4.42+dfsg-2ubuntu3.1
I did not test the packages in wily-proposed. Setting the test
environment is not trivial, and I don't think it is
Chris, thank you very much for preparing the packages for -proposed
repos. I started testing of xenial-proposed version, but tests are not
progressing quickly, due to issues that I described above. In addition I
have run into another problem, likely unrelated to this bug, which is
further
Hello Maciej, or anyone else affected,
Accepted openldap into wily-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/openldap/2.4.41+dfsg-
1ubuntu2.1 in a few hours, and then in the -proposed repository.
Please help us by testing this new package. See
This bug was fixed in the package openldap - 2.4.42+dfsg-2ubuntu4
---
openldap (2.4.42+dfsg-2ubuntu4) yakkety; urgency=medium
* Fix use after free with GnuTLS. (LP: #1557248)
-- Maciej Puzio Fri, 25 Mar 2016 15:24:25
-0500
** Changed in: openldap (Ubuntu
Due to the nature of this bug (referencing previously freed memory
leading to an undefined behavior), a reliable testing procedure is
difficult to create. This bug was originally found by looking for a
cause of syncrepl failures. The reproducibility of these failures was
about 50%, enough to make
Thanks for the patched packages!
I've uploaded your changes to yakkety with a slight change in the
changelog to better describe the issue. I've also uploaded updates to
wily and xenial for processing by the SRU team. Thanks!
** Changed in: openldap (Ubuntu Yakkety)
Status: Confirmed =>
As per the SRU requirements, could you please update the bug description
with a testing procedure? See here for more information:
https://wiki.ubuntu.com/StableReleaseUpdates
Thanks!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
** Also affects: openldap (Ubuntu Wily)
Importance: Undecided
Status: New
** Also affects: openldap (Ubuntu Yakkety)
Importance: Medium
Status: Confirmed
** Also affects: openldap (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu
** Changed in: openldap (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1557248
Title:
OpenLDAP: Backport a fix for use-after-free
** Changed in: openldap (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1557248
Title:
OpenLDAP: Backport a fix for
** Tags added: wily xenial
** Also affects: openldap (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to
I reported the bug to Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244
** Bug watch added: Debian Bug tracker #820244
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820244
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which
I created patched openldap packages for xenial, available on the same
PPA as above. I tested amd64 packages on xenial beta 2.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
I have just found that Howard Chu of OpenLDAP team had already uploaded this
patch to Launchpad VCS:
http://bazaar.launchpad.net/~vcs-imports/openldap/master/revision/20757
Hopefully we will have the package released soon.
--
You received this bug notification because you are a member of Ubuntu
** Tags added: patch-accepted-upstream
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1557248
Title:
OpenLDAP: Backport a fix for use-after-free in GnuTLS-related code
I created a PPA with patched deb packages, available at:
https://launchpad.net/~maciej-puzio/+archive/ubuntu/openldap
Currently it contains openldap-2.4.41 source package with the above patch
applied, as well as binary debs built from it, for amd64 and i386. These
packages are for Ubuntu 15.10
This patch may also resolve
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1547927
I'll confirm once available and I have an opportunity to test.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openldap (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
The attachment "tls_g.patch" seems to be a patch. If it isn't, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray,
Patch created by OpenLDAP team applies cleanly to openldap 2.4.41+dfsg-
1ubuntu2 (wily).
** Patch added: "tls_g.patch"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1557248/+attachment/4607004/+files/tls_g.patch
--
You received this bug notification because you are a member of
24 matches
Mail list logo