From: Raspbian automatic forward porter <root@raspbian.org>
Date: Tue, 21 Jan 2025 17:58:36 +0000 (+0000)
Subject: Merge version 1.4.4.11-2+rpi1 and 1.4.4.11-2+deb11u1 to produce 1.4.4.11-2+rpi1+deb11u1
X-Git-Tag: archive/raspbian/1.4.4.11-2+rpi1+deb11u1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=2058a3faf39bb4ff0ad13b08a6cfa9637eccca5a;p=389-ds-base.git

Merge version 1.4.4.11-2+rpi1 and 1.4.4.11-2+deb11u1 to produce 1.4.4.11-2+rpi1+deb11u1
---

2058a3faf39bb4ff0ad13b08a6cfa9637eccca5a
diff --cc debian/changelog
index 980410d,f6893c1..b10996a
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,24 +1,31 @@@
- 389-ds-base (1.4.4.11-2+rpi1) bullseye-staging; urgency=medium
++389-ds-base (1.4.4.11-2+rpi1+deb11u1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1.4.0.19-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 27 Dec 2018 01:27:25 +0000]
 +  * Add -latomic to LDFLAGS on armhf too.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 28 May 2021 06:17:09 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Tue, 21 Jan 2025 17:58:36 +0000
++
+ 389-ds-base (1.4.4.11-2+deb11u1) bullseye-security; urgency=medium
+ 
+   * Non-maintainer upload by the LTS team.
+   * Backport security patches from the upstream.
+     - CVE-2021-3652: Locked crypt accounts on import may allow any password.
+     - CVE-2021-4091: Double-free of the virtual attribute context in
+       persistent search, forcing the server to behave unexpectedly, and crash.
+     - CVE-2022-0918: Denial of service triggered by specially crafted
+       unauthenticated message crashing the server.
+     - CVE-2022-0996: User with an expired password can still login with full
+       privileges.
+     - CVE-2022-2850: Crash while managing invalid cookie causing denial of
+       service.
+     - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using
+       malformed input.
+     - CVE-2024-3657: Failure on the directory server with specially crafted
+       LDAP query leading to denial of service.
+     - CVE-2024-5953: Denial of service while attempting to log in with
+       a user with a malformed hash in their password.
+ 
+  -- Andrej Shadura <andrewsh@debian.org>  Sun, 19 Jan 2025 13:30:31 +0100
  
  389-ds-base (1.4.4.11-2) unstable; urgency=medium