[Pkg-fedora-ds-maintainers] Bug#842121: 389-ds-base: CVE-2016-5405: Password verification vulnerable to timing attack

Salvatore Bonaccorso carnil at debian.org
Wed Oct 26 04:31:11 UTC 2016

Source: 389-ds-base
Severity: important
Tags: security upstream


the following vulnerability was published for 389-ds-base. The
information though is very scarce, can you try to find more out about
upstream report and/or fix?

Password verification vulnerable to timing attack

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5405
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1358865

Please adjust the affected versions in the BTS as needed.


More information about the Pkg-fedora-ds-maintainers mailing list