** Changed in: openldap (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openldap in Ubuntu.
https://bugs.launchpad.net/bugs/1977627
Title:
New upstream microrelease 2.5.12
Status in openldap package in Ubuntu:
Invalid
Status in openldap source package in Jammy:
Fix Committed
Bug description:
[ Impact ]
* MRE for the latest stable OpenLDAP 2.5.x release, 2.5.12.
This update includes bugfixes only following the SRU policy exception
defined at https://wiki.ubuntu.com/OpenLDAPUpdates.
[ Major Changes ]
* See the list of bugs fixed in this release here:
https://lists.openldap.org/hyperkitty/list/openldap-
annou...@openldap.org/thread/LSEQKADYZFFMZJGPEVBRR3OVOY4IOGRA/
* In particular, this release includes the fix for CVE-2022-29155,
but since the CVE has already been addressed by the currently OpenLDAP
version in Jammy (2.5.11+dfsg-1~exp1ubuntu3.1), this does not classify
as a security upload.
[ Test Plan ]
* Upstream gitlab pipeline results:
https://git.openldap.org/openldap/openldap/-/pipelines/4298
* Upstream "call for testing":
https://lists.openldap.org/hyperkitty/list/openldap-
techni...@openldap.org/thread/5ZJEOQSVFQBG5TRLAAF6S5M3VRJH5IAV/
* As described in the MRE wiki page for OpenLDAP, the test plan is to
build the package in bileto and make sure that (1) all build-time
tests pass and (2) all autopkgtest runs (from reverse dependencies)
also pass.
* Build log (amd64) confirming that the build-time testsuite has been
performed and completed successfully:
https://launchpadlibrarian.net/606922528/buildlog_ubuntu-jammy-
amd64.openldap_2.5.12+dfsg-0ubuntu0.22.04.1_BUILDING.txt.gz
* Bileto ticket: https://bileto.ubuntu.com/#/ticket/4868
[ Where problems could occur ]
* Upstream tests are always executed during build-time. There are
many reverse dependencies whose dep8 tests depend on OpenLDAP so the
coverage is good. Nevertheless, there is always a risk for something
to break since we are dealing with a microrelease upgrade. Whenever a
test failure is detected, we will be on top of it and make sure it
doesn't affect existing users.
[ Other Info ]
* This is a reoccurring MRE. See below for links to previous
OpenLDAP MREs.
* CVEs fixed by this release:
- CVE-2022-29155, which has already been addressed in Jammy.
Current versions in supported releases that got updates:
openldap | 2.5.11+dfsg-1~exp1ubuntu3.1 | jammy-updates | source
Special cases:
- None.
Previous MREs for OpenLDAP:
- None so far.
As usual we test and prep from the PPA and then push through
SRU/Security as applicable.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1977627/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
