Re: jessie update for openldap (CVE-2020-12243)

2020-05-02 Thread Ryan Tandy
On Sat, May 02, 2020 at 08:57:32AM -0400, Roberto C. Sánchez wrote: Hi Ryan. The update is uploaded and built on all architectures and I have published the DLA. I tried to push a tag, but I do not have commit permissions to the openldap project in Salsa. You might consider tagging the current

jessie update for openldap (CVE-2020-12243)

2020-05-01 Thread Ryan Tandy
/changelog @@ -1,3 +1,10 @@ +openldap (2.4.40+dfsg-1+deb8u6) jessie-security; urgency=high + + * Fix slapd to limit depth of nested expressions in search filters +(ITS#9202) (CVE-2020-12243) + + -- Ryan Tandy Mon, 20 Apr 2020 11:22:35 -0700 + openldap (2.4.40+dfsg-1+deb8u5) jessie-security

Re: LTS update for openldap?

2019-08-15 Thread Ryan Tandy
On Wed, Aug 14, 2019 at 10:13:06PM +0200, Markus Koschany wrote: Thank you for preparing an update for openldap in Jessie. I will take care of all necessary paper work and upload the package for you. Great. Thank you! I uploaded the package to mentors.d.n, so the source package is available at

LTS update for openldap?

2019-08-14 Thread Ryan Tandy
databases +(CVE-2019-13057) (ITS#9038) (Closes: #932997) + * Fix slapd to enforce sasl_ssf ACL statement on every connection +(CVE-2019-13565) (ITS#9052) (Closes: #932998) + * Fix slapo-rwm to not free original filter when rewritten filter is invalid +(ITS#8964) (Closes: #934277, LP: #1

Re: openldap update for squeeze

2015-09-13 Thread Ryan Tandy
On Sun, Sep 13, 2015 at 07:39:34PM +0200, Thorsten Alteholz wrote: Yes, the second time it failed at the same test. OK, that's more concerning. :/ Would it be possible for you to send me the contents of openldap-2.4.23/tests/testrun/ after the failure? Hmm, so what do you suggest now? Shall

Re: openldap update for squeeze

2015-09-13 Thread Ryan Tandy
On Sun, Sep 13, 2015 at 04:52:58PM +0200, Thorsten Alteholz wrote: while building that with pbuilder, I got: Starting test048-syncrepl-multiproxy for bdb... running defines.sh Starting master slapd on TCP/IP port 9011... Using ldapsearch to check that master slapd is running... Using ldapadd t

openldap update for squeeze

2015-09-12 Thread Ryan Tandy
Hi LTS team, I prepared an openldap update to fix CVE-2015-6908 in squeeze: http://mentors.debian.net/debian/pool/main/o/openldap/openldap_2.4.23-7.3+deb6u2.dsc The same patch was released as DSA 3356-1: https://lists.debian.org/debian-security-announce/2015/msg00255.html Would some member of

Re: About the security issues affecting openldap in Squeeze

2015-04-17 Thread Ryan Tandy
Hi, Uploaded openldap for squeeze-lts to mentors: http://mentors.debian.net/debian/pool/main/o/openldap/openldap_2.4.23-7.3+deb6u1.dsc Would a member of the LTS team be willing to sponsor it and announce the update? The issues fixed are the same as DSA-3209-1, plus CVE-2012-1164. I didn't re

Re: About the security issues affecting openldap in Squeeze

2015-04-13 Thread Ryan Tandy
On Mon, Apr 13, 2015 at 10:57:54PM +0200, Holger Levsen wrote: Ryan, I believe you might find some testers among the Debian Edu users, which uses openldap by default. Best if you could provide binary packages (amd64/i386) for download somewhere... Thanks for the suggestion. Uploaded UNRELEASED

Re: About the security issues affecting openldap in Squeeze

2015-04-08 Thread Ryan Tandy
On Wed, Apr 08, 2015 at 11:10:42AM +0200, Thorsten Alteholz wrote: Hi Ryan, Hi! On Tue, 10 Mar 2015, Ryan Tandy wrote: We currently have a few patches pending or under discussion for wheezy. After the changes for stable are finalized, I hope to backport them to squeeze as well, when time

Re: About the security issues affecting openldap in Squeeze

2015-03-10 Thread Ryan Tandy
On Tue, Mar 10, 2015 at 04:33:50PM +0100, Raphael Hertzog wrote: Hello dear maintainer(s), Hi, the Debian LTS team recently reviewed the security issue(s) affecting your package in Squeeze: https://security-tracker.debian.org/tracker/CVE-2015-1545 We decided that we would not prepare a squee

Bug#750764: packages.debian.org: please include squeeze-lts suite

2014-06-06 Thread Ryan Tandy
Package: www.debian.org Severity: wishlist User: www.debian@packages.debian.org Usertags: packages X-Debbugs-CC: debian-lts@lists.debian.org Dear maintainers, (I saw a message from Jens Korte to the list about this, but I don't think it was answered.) Would you please include the squeeze-lts