On Tue, 19 May 2015 19:56:07 -
Ryan Tandy <1446...@bugs.launchpad.net> wrote:
> The precise debdiff adds
> d/p/0001-ITS-7723-fix-reference-counting.patch which is the same as
> CVE-2013-4449.patch but not used in d/p/series.
Right, my bad, a leftover of an import I dismissed. Do you want me to
Hello,
On Tue, May 19, 2015 at 07:25:06PM -, Felipe Reyes wrote:
>Here I'm attaching a new version of the patch for precise that includes
>fixes for CVE-2012-1164, CVE-2013-4449 and CVE-2015-1545
The precise debdiff adds d/p/0001-ITS-7723-fix-reference-counting.patch
which is the same as CVE
Patch for vivid to fix CVE-2013-4449 and CVE-2015-1545
** Patch added: "lp1446809_vivid.patch"
https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400529/+files/lp1446809_vivid.patch
--
You received this bug notification because you are a member of Ubuntu
Bug
Patch for trusty to fix CVE-2013-4449 and CVE-2015-1545
** Patch added: "lp1446809_trusty.debdiff"
https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400527/+files/lp1446809_trusty.debdiff
--
You received this bug notification because you are a member of Ubu
Patch for utopic to fix CVE-2013-4449 and CVE-2015-1545
** Patch added: "lp1446809_utopic.debdiff"
https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4400528/+files/lp1446809_utopic.debdiff
--
You received this bug notification because you are a member of Ubu
Here I'm attaching a new version of the patch for precise that includes
fixes for CVE-2012-1164, CVE-2013-4449 and CVE-2015-1545
Pending to add patches to fix CVE-2013-4449 and CVE-2015-1545 in trusty,
utopic, vivid and wily.
** Description changed:
[Impact]
- * slapd in OpenLDAP before 2.4
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4449
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-1545
** Attachment removed: "lp1446809_precise.debdiff"
https://bugs.launchpad.net/ubuntu/precise/+source/openldap/+bug/1446809/+attachment/4392199/
Thanks, that seems fixed in the current serie, so closing that part and
accepting for precise. Since the issue has a CVE replacing the sponsors
by the security-team sponsors
** Also affects: openldap (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: openldap (Ubuntu)
** Tags removed: patch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1446809
Title:
[SRU] denial of service via an LDAP search query with attrsOnly set to
true (CVE-2012-1164)
To manage notificat
The attachment "lp1446809_precise.debdiff" seems to be a debdiff. The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff. If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag,
** Patch added: "lp1446809_precise.debdiff"
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1446809/+attachment/4392199/+files/lp1446809_precise.debdiff
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad
** Description changed:
[Impact]
* slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a
denial of service (assertion failure and daemon exit) via an LDAP search
query with attrsOnly set to true, which causes empty attributes to be
returned.
* Trusty ships 2.4.31 whi
** Summary changed:
- denial of service via an LDAP search query with attrsOnly set to true
(CVE-2012-1164)
+ [SRU] denial of service via an LDAP search query with attrsOnly set to true
(CVE-2012-1164)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subs
13 matches
Mail list logo