Your message dated Mon, 22 Oct 2007 07:17:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#445582: fixed in ldapscripts 1.7.1-2 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: ldapscripts Severity: serious Version: 1.4-2 Tag: security Unless you're running grsecurity or some other patched kernel, the following cannot be good: _changepassword () { if [ -z "$1" ] || [ -z "$2" ] then end_die "_changepassword : missing argument(s)" else if is_yes "$RECORDPASSWORDS" then echo "$2 : $1" >> "$PASSWORDFILE" fi $LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "ldap://$SERVER"; -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null fi } Don Armstrong -- This message brought to you by weapons of mass destruction related program activities, and the letter G. http://www.donarmstrong.com http://rzlab.ucr.edu
--- End Message ---
--- Begin Message ---Source: ldapscripts Source-Version: 1.7.1-2 We believe that the bug you reported is fixed in the latest version of ldapscripts, which is due to be installed in the Debian FTP archive: ldapscripts_1.7.1-2.diff.gz to pool/main/l/ldapscripts/ldapscripts_1.7.1-2.diff.gz ldapscripts_1.7.1-2.dsc to pool/main/l/ldapscripts/ldapscripts_1.7.1-2.dsc ldapscripts_1.7.1-2_all.deb to pool/main/l/ldapscripts/ldapscripts_1.7.1-2_all.deb ldapscripts_1.7.1.orig.tar.gz to pool/main/l/ldapscripts/ldapscripts_1.7.1.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pierre Habouzit <[EMAIL PROTECTED]> (supplier of updated ldapscripts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 21 Oct 2007 12:27:03 +0200 Source: ldapscripts Binary: ldapscripts Architecture: source all Version: 1.7.1-2 Distribution: unstable Urgency: low Maintainer: Pierre Habouzit <[EMAIL PROTECTED]> Changed-By: Pierre Habouzit <[EMAIL PROTECTED]> Description: ldapscripts - Add and remove user and groups (stored in a ldap directory) Closes: 324296 340785 405755 445582 445582 Changes: ldapscripts (1.7.1-2) unstable; urgency=low . * New upstream release: + Has the fix for CVE-2007-5373 (Closes: #445582). + User can now modify ldiff skeleton (Closes: #405755). * Make upstream support DESTDIR in its makefile. Files: 3221f002dedbc2a6bd5d751d91856ff9 588 admin optional ldapscripts_1.7.1-2.dsc 33cc2ef99cc70d9dc9a89a1955aa765c 26149 admin optional ldapscripts_1.7.1.orig.tar.gz 7658935e186d1d82f6ddc9d8c3674f19 11821 admin optional ldapscripts_1.7.1-2.diff.gz cddcfdda05c754a7021f8e17279ad2a3 39342 admin optional ldapscripts_1.7.1-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHHEzQvGr7W6HudhwRAn18AJ0aNHfnFeYIh2UXhdFACAj4XNudBQCgjsUz esWKx2juQKMitKCG8bPsiG0= =SmVn -----END PGP SIGNATURE-----
--- End Message ---
