Hello,

On Sat, 18 Jan 2025, at 18:13, Salvatore Bonaccorso wrote:
>> The following were cherry-picks with no other changes from the
>> upstream’s Git repository, branch 2.4.6:
>> 
>>  - Security fix for CVE-2024-3657
>>  - Security fix for CVE-2024-5953
>>  - Security fix for CVE-2024-8445
>>  - Security fix for CVE-2024-2199

> I have a question on the followup for CVE-2024-2199, CVE-2024-8445
> exists because of an incomplete fix for CVE-2024-2199. What is the
> origin of the applied patch for CVE-2024-8445?

> It has, AFAICS, also not yet been addressed in unstable? Is the
> applied fix validated from upstream?

This fix comes from the upstream repo, branch 1.4.3: 
https://github.com/389ds/389-ds-base/commit/1d3fddaac33

I’m not sure why it’s not on other branches, and the bug’s description is 
(intentionally?) very vague about *which* versions are affected.

-- 
Cheers,
  Andrej
