Overview
Request 627285 revoked
- Introduce patches:
  * 0006-under-network-load-ps-can-decrease-connection-refcnt.patch
    to fix the race condition on reference counter (bsc#1096368,
    CVE-2018-10850)
  * 0007-fix-remote-dos-via-search-filters-in-slapi_filter_sprintf.patch
    (bsc#1076530, CVE-2017-15134)
  * 0008-invalid-password-migration-causes-unauth-bind.patch
    (bsc#1076530, CVE-2017-15135)
- Created by dakechi
- In state revoked
- Package maintainers: aeneas_jaissle, darix, and firstyear
Request History
dakechi created request
aeneas_jaissle declined request
Thanks, went with the version bump, which obsoletes the patches.
darix revoked request
cleanup
Any compelling reason why you back-port patches for release 1.4.0.3, which is nine months old? E.g. the fix for CVE-2017-15134 was released upstream half a year ago (1.4.0.5).
Yeah, this package we should just version bump. @stroeder want to do it?
No. I do not use 389-DS myself (I'm using and maintaining OpenLDAP) and I don't have any more spare time left.
There is an update in request #636186 so I'd suggest to close this request.
Because I needed to do this for a maintenance of SLE-15, but I agree that the version bump would be better, but I will not have time to work on this right now.
@aeneas_jaissle, @darix: review reminder