[Pkg-fedora-ds-maintainers] Bug#860125: Bug#860125: 389-ds-base: CVE-2017-2668: Remote crash via crafted LDAP messages

Salvatore Bonaccorso carnil at debian.org
Fri Apr 14 05:24:15 UTC 2017

Hi Timo,

On Thu, Apr 13, 2017 at 11:59:38PM +0300, Timo Aaltonen wrote:
> On Thu, 13 Apr 2017, Salvatore Bonaccorso wrote:
> > Control: tags -1 + patch
> > 
> > Hi
> > 
> > The fix apparently applied in CentOS is
> > 
> > https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
> Hi, would it be fine to push which, I believe, includes fix for
> this among other bugfixes? Can't check or push it before I'm back home on
> Sunday though.

I cannot really tell ;-). But the best option then is to ask for the
pre-approval of the release team for a based upload rather
than a cherry-picked patch, explaining why the other included fixes are
important as well for stretch.

Does this help?

