summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Debian FreeIPA Team [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
fix-saslpath
Gbp-Pq: Name fix-saslpath.diff
Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium
* Non-maintainer upload by the LTS team.
* Backport security patches from the upstream.
- CVE-2021-3652: Locked crypt accounts on import may allow any password.
- CVE-2021-4091: Double-free of the virtual attribute context in
persistent search, forcing the server to behave unexpectedly, and crash.
- CVE-2022-0918: Denial of service triggered by specially crafted
unauthenticated message crashing the server.
- CVE-2022-0996: User with an expired password can still login with full
privileges.
- CVE-2022-2850: Crash while managing invalid cookie causing denial of
service.
- CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using
malformed input.
- CVE-2024-3657: Failure on the directory server with specially crafted
LDAP query leading to denial of service.
- CVE-2024-5953: Denial of service while attempting to log in with
a user with a malformed hash in their password.
[dgit import unpatched 389-ds-base 1.4.4.11-2+deb11u1]
Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
Import 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-2+deb11u1 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (13:03 +0200)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]
projects / 389-ds-base.git / log