[Pkg-fedora-ds-maintainers] Bug#851769: Bug#851769: 389-ds-base: CVE-2017-2591

Timo Aaltonen tjaalton at debian.org
Thu Jan 26 20:29:16 UTC 2017

On 18.01.2017 18:16, Salvatore Bonaccorso wrote:
> Source: 389-ds-base
> Version:
> Severity: grave
> Tags: security upstream patch
> Justification: user security hole
> Hi,
> the following vulnerability was published for 389-ds-base. Choosed
> severity > important, since possibly as well triggerable by
> unauthenticated attackers, but I'm not too familiar if that setup is
> common.
> CVE-2017-2591[0]:
> DoS via OOB heap read in "attribute uniqueness" plugin
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> For further information see:
> [0] https://security-tracker.debian.org/tracker/CVE-2017-2591
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591

I don't understand the tags.. is there a patch somewhere? I can't find
anything upstream, and the CVE links don't give anything useful either.

More information about the Pkg-fedora-ds-maintainers mailing list