Overview

File _patchinfo of Package patchinfo.41137

<patchinfo incident="41137">
  <issue tracker="cve" id="2025-61912"/>
  <issue tracker="cve" id="2025-61911"/>
  <issue tracker="bnc" id="1251913">VUL-0: CVE-2025-61912: python-ldap: In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte</issue>
  <issue tracker="bnc" id="1251912">VUL-0: CVE-2025-61911: python-ldap: In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters</issue>
  <packager>StevenK</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-ldap</summary>
  <description>This update for python-ldap fixes the following issues:

- CVE-2025-61911: Enforce str for escape_filter_chars (bsc#1251912).
- CVE-2025-61912: Escape NULs as per RFC 4514 in escape_dn_chars (bsc#1251913).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places