389-ds-base.git
2 years ago fix-saslpath
Debian FreeIPA Team [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
fix-saslpath

Gbp-Pq: Name fix-saslpath.diff

2 years ago fix-obsolete-target
Debian FreeIPA Team [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
fix-obsolete-target

Gbp-Pq: Name fix-obsolete-target.diff

2 years ago rename-online-scripts
Debian FreeIPA Team [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
rename-online-scripts

Gbp-Pq: Name rename-online-scripts.diff

2 years ago use-bash-instead-of-sh
Debian FreeIPA Team [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
use-bash-instead-of-sh

Gbp-Pq: Name use-bash-instead-of-sh.diff

2 years ago 389-ds-base (1.4.0.21-1+deb10u1) buster-security; urgency=medium
Anton Gladky [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
389-ds-base (1.4.0.21-1+deb10u1) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * CVE-2021-4091: double free of the virtual attribute context in
                   persistent search.
  * CVE-2022-0918: an unauthenticated attacker with network access to
                   the LDAP port
                   can cause a denial of service.
  * CVE-2022-0996: expired password was still allowed to access the database.
  * CVE-2022-2850: possible NULL pointer dereference leading to a denial of
                   service.
  * CVE-2021-3652: importing an asterisk as password hashes enables successful
                   authentication with any password, allowing attackers to
                   access accounts with disabled passwords.
  * CVE-2021-3514: an authenticated attacker can crash 389-ds-base using a
                   specially crafted query in sync_repl client, due to a NULL
                   pointer dereference.
  * CVE-2019-14824:deref plugin vulnerability lets authenticated attackers
                   access private attributes, like password hashes, using the
                   'search' permission.
  * CVE-2019-10224:vulnerability that may disclose sensitive information,
                   including the Directory Manager password, when executing
                   dscreate and dsconf commands in verbose mode and recording
                   the terminal standard error output.
  * CVE-2019-3883: SSL/TLS requests do not enforce ioblocktimeout limit, leading
                   to DoS vulnerability by hanging all workers with hanging LDAP
                   requests.

[dgit import unpatched 389-ds-base 1.4.0.21-1+deb10u1]

2 years ago Import 389-ds-base_1.4.0.21-1+deb10u1.debian.tar.xz
Anton Gladky [Mon, 24 Apr 2023 04:08:15 +0000 (05:08 +0100)]
Import 389-ds-base_1.4.0.21-1+deb10u1.debian.tar.xz

[dgit import tarball 389-ds-base 1.4.0.21-1+deb10u1 389-ds-base_1.4.0.21-1+deb10u1.debian.tar.xz]

6 years ago Import 389-ds-base_1.4.0.21.orig.tar.bz2
Timo Aaltonen [Tue, 12 Feb 2019 14:28:15 +0000 (14:28 +0000)]
Import 389-ds-base_1.4.0.21.orig.tar.bz2

[dgit import orig 389-ds-base_1.4.0.21.orig.tar.bz2]