Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium
  * Non-maintainer upload by the LTS team.
  * Backport security patches from the upstream.
    - CVE-2021-3652: Locked crypt accounts on import may allow any password.
    - CVE-2021-4091: Double-free of the virtual attribute context in
      persistent search, forcing the server to behave unexpectedly, and crash.
    - CVE-2022-0918: Denial of service triggered by specially crafted
      unauthenticated message crashing the server.
    - CVE-2022-0996: User with an expired password can still login with full
      privileges.
    - CVE-2022-2850: Crash while managing invalid cookie causing denial of
      service.
    - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using
      malformed input.
    - CVE-2024-3657: Failure on the directory server with specially crafted
      LDAP query leading to denial of service.
    - CVE-2024-5953: Denial of service while attempting to log in with
      a user with a malformed hash in their password.
[dgit import unpatched 389-ds-base 1.4.4.11-2+deb11u1]
Andrej Shadura [Sun, 19 Jan 2025 12:30:31 +0000 (13:30 +0100)]
Import 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz
[dgit import tarball 389-ds-base 1.4.4.11-2+deb11u1 389-ds-base_1.4.4.11-2+deb11u1.debian.tar.xz]
Timo Aaltonen [Thu, 28 Jan 2021 11:03:32 +0000 (13:03 +0200)]
Import 389-ds-base_1.4.4.11.orig.tar.bz2
[dgit import orig 389-ds-base_1.4.4.11.orig.tar.bz2]