Overview
Request 718552 accepted
Read all of the following carefully:
Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038):
rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052):
Unauthorized access caused by incorrect handling of SASL SSF values
Fix CVE-2017-17740 by disabling(!) nops overlay not maintained by upstream (see also bsc#1073313, comment #36)
Note that I disabled slapo-nops instead of rebasing 0017-Fix-segfault-in-nops.patch which is somewhat debatable.
Removal of SuSEfirewall2 service.
Request History
stroeder created request
Read all of the following carefully:
Update to upstream release 2.4.48 with security fixes:
* CVE-2019-13057 (ITS#9038):
rootdn of any db can assert any identity
* CVE-2019-13565 (ITS#9052):
Unauthorized access caused by incorrect handling of SASL SSF values
Fix CVE-2017-17740 by disabling(!) nops overlay not maintained by upstream (see also bsc#1073313, comment #36)
Note that I disabled slapo-nops instead of rebasing 0017-Fix-segfault-in-nops.patch which is somewhat debatable.
Removal of SuSEfirewall2 service.
factory-auto added opensuse-review-team as a reviewer
Please review sources
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
staging-bot added openSUSE:Factory:Staging:D as a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:D"
staging-bot accepted review
Picked openSUSE:Factory:Staging:D
dimstar_suse changed priority to moderate => important
raising priority for openSUSE:Factory:Staging:D
namtrac accepted review
dimstar_suse accepted review
ready to accept
dimstar_suse approved review
ready to accept
dimstar_suse accepted request
Accept to openSUSE:Factory