From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 21 Mar 2025 15:12:26 +0000 (+0000)
Subject: Merge version 2.3.1+dfsg1-1+rpi1 and 2.3.1+dfsg1-1+deb12u1 to produce 2.3.1+dfsg1... 
X-Git-Tag: archive/raspbian/2.3.1+dfsg1-1+rpi1+deb12u1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=ab009cf41ea18305fdc8fd95dd0882cac102a725;p=389-ds-base.git

Merge version 2.3.1+dfsg1-1+rpi1 and 2.3.1+dfsg1-1+deb12u1 to produce 2.3.1+dfsg1-1+rpi1+deb12u1
---

ab009cf41ea18305fdc8fd95dd0882cac102a725
diff --cc debian/changelog
index 84dd684,9b51b5d..65a737e
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,9 -1,15 +1,22 @@@
- 389-ds-base (2.3.1+dfsg1-1+rpi1) bookworm-staging; urgency=medium
++389-ds-base (2.3.1+dfsg1-1+rpi1+deb12u1) bookworm-staging; urgency=medium
 +
 +  [changes brought forward from 1.4.0.19-2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Thu, 27 Dec 2018 01:27:25 +0000]
 +  * Add -latomic to LDFLAGS on armhf too.
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 26 Jan 2023 03:00:31 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 21 Mar 2025 15:12:25 +0000
++
+ 389-ds-base (2.3.1+dfsg1-1+deb12u1) bookworm; urgency=high
+ 
+   * Non-maintainer upload.
+   * Apply security patches from the upstream:
+     - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword
+       using malformed input (Closes: #1072531, #1082852).
+     - CVE-2024-5953: Denial of service while attempting to log in with
+       a user with a malformed hash in their password.
+     - CVE-2024-3657: Failure on the directory server with specially-crafted
+       LDAP query leading to denial of service.
+ 
+  -- Andrej Shadura <andrewsh@debian.org>  Thu, 16 Jan 2025 17:16:37 +0100
  
  389-ds-base (2.3.1+dfsg1-1) unstable; urgency=medium