[Pkg-fedora-ds-maintainers] Bug#851769: Bug#851769: 389-ds-base: CVE-2017-2591
carnil at debian.org
Thu Jan 26 20:38:13 UTC 2017
Thanks a lot for looking into the issue!
On Thu, Jan 26, 2017 at 10:29:16PM +0200, Timo Aaltonen wrote:
> On 18.01.2017 18:16, Salvatore Bonaccorso wrote:
> > Source: 389-ds-base
> > Version: 220.127.116.11-1
> > Severity: grave
> > Tags: security upstream patch
> > Justification: user security hole
> > Hi,
> > the following vulnerability was published for 389-ds-base. Chose
> > severity > important, since possibly as well triggerable by
> > unauthenticated attackers, but I'm not too familiar if that setup is
> > common.
> > CVE-2017-2591:
> > DoS via OOB heap read in "attribute uniqueness" plugin
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> > For further information see:
> > https://security-tracker.debian.org/tracker/CVE-2017-2591
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2591
> I don't understand the tags.. is there a patch somewhere? I can't find
> anything upstream, and the CVE links don't give anything useful either.
MITRE has not yet updated their page. But if you follow the first link
to the security-tracker the patch is referenced.
according to the original post on oss-security, which describes the
Does this help?