File _patchinfo of Package patchinfo.24433

<patchinfo incident="24433">
  <issue tracker="bnc" id="1197275">VUL-0: CVE-2022-0918: 389-ds: sending crafted message could result in DoS</issue>
  <issue tracker="bnc" id="1199889">VUL-0: CVE-2022-1949: 389-ds: access control bypass</issue>
  <issue tracker="bnc" id="1197345">VUL-0: CVE-2022-0996: 389-ds: expired password was still allowed to access the database</issue>
  <issue tracker="bnc" id="1195324"/>
  <issue tracker="bnc" id="1200175"/>
  <issue tracker="bnc" id="1188455"/>
  <issue tracker="cve" id="2022-0996"/>
  <issue tracker="cve" id="2022-1949"/>
  <issue tracker="cve" id="2022-0918"/>
  <issue tracker="cve" id="2021-3652"/>
  <issue tracker="cve" id="2021-4091"/>
  <packager>firstyear</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for 389-ds</summary>
  <description>This update for 389-ds fixes the following issues:

- CVE-2022-1949: Fixed full access control bypass with simple crafted query (bsc#1199889).
- CVE-2022-0918: Fixed denial of service issue via crafted messages (bsc#1197275).
- CVE-2022-0996: Fixed mishandling of password expiry (bsc#1197345).
- CVE-2021-4091: Fixed double free in psearch (bsc#1195324).
- CVE-2021-3652: Fixed disabled accounts may be able to bind with crypt passwords (bsc#1188455). 
</description>
</patchinfo>