[Pkg-fedora-ds-maintainers] Bug#860125: Bug#860125: 389-ds-base: CVE-2017-2668: Remote crash via crafted LDAP messages
carnil at debian.org
Fri Apr 14 05:24:15 UTC 2017
On Thu, Apr 13, 2017 at 11:59:38PM +0300, Timo Aaltonen wrote:
> On Thu, 13 Apr 2017, Salvatore Bonaccorso wrote:
> > Control: tags -1 + patch
> > Hi
> > The fix apparently applied in CentOS 184.108.40.206-20.el7_3 is
> > https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
> Hi, would it be fine to push 220.127.116.11 which, I believe, includes fix for
> this among other bugfixes? Can't check or push it before I'm back home on
> Sunday though.
I cannot really tell ;-). But best option then is to ask for the
pre-approval of the release team for a 18.104.22.168 based upload rather
than cherry-picked patch, explaining why the other included fixes are
important as well for stretch.
Does this help?
More information about the Pkg-fedora-ds-maintainers