[Pkg-fedora-ds-maintainers] Bug#851769: Bug#851769: 389-ds-base: CVE-2017-2591

Timo Aaltonen tjaalton at debian.org
Thu Jan 26 20:29:16 UTC 2017


On 18.01.2017 18:16, Salvatore Bonaccorso wrote:
> Source: 389-ds-base
> Version: 1.3.5.15-1
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerability was published for 389-ds-base. Choosed
> severity > important, since possibly as well triggerable by
> unauthenticated attackers, but I'm not too familiar if that setup is
> common.
> 
> CVE-2017-2591[0]:
> DoS via OOB heap read in "attribute uniqueness" plugin
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2017-2591
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591

Hi,
I don't understand the tags.. is there a patch somewhere? I can't find
anything upstream, and the CVE links don't give anything useful either.



More information about the Pkg-fedora-ds-maintainers mailing list