389-ds-base: CVE-2013-4283

Related Vulnerabilities: CVE-2013-4283, CVE-2013-0336, CVE-2013-1897, CVE-2013-2219, CVE-2013-4485, CVE-2013-0312

Debian Bug report logs - #721222
389-ds-base: CVE-2013-4283

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 29 Aug 2013 08:42:02 UTC

Severity: grave

Tags: security

Fixed in version 389-ds-base/1.3.2.9-1

Done: Timo Aaltonen <tjaalton@ubuntu.com>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#721222; Package 389-ds-base. (Thu, 29 Aug 2013 08:42:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Thu, 29 Aug 2013 08:42:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 389-ds-base: CVE-2013-4283
Date: Thu, 29 Aug 2013 10:33:38 +0200

Package: 389-ds-base
Severity: grave
Tags: security
Justification: user security hole

Please see https://bugzilla.redhat.com/show_bug.cgi?id=999634
for details.

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#721222; Package 389-ds-base. (Tue, 03 Sep 2013 17:27:10 GMT).


Acknowledgement sent to Timo Aaltonen <tjaalton@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Tue, 03 Sep 2013 17:27:10 GMT).


Message #10 received at 721222@bugs.debian.org:

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: Moritz Muehlenhoff <jmm@inutil.org>, 721222@bugs.debian.org
Subject: Re: [Pkg-fedora-ds-maintainers] Bug#721222: 389-ds-base: CVE-2013-4283
Date: Tue, 03 Sep 2013 20:24:39 +0300

On 29.08.2013 11:33, Moritz Muehlenhoff wrote:
> Package: 389-ds-base
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=999634
> for details.

again fixed in git, waiting for a sponsor.

-- 
t



Reply sent to Timo Aaltonen <tjaalton@ubuntu.com>:
You have taken responsibility. (Sun, 23 Feb 2014 15:21:26 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 23 Feb 2014 15:21:26 GMT).


Message #15 received at 721222-close@bugs.debian.org:

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: 721222-close@bugs.debian.org
Subject: Bug#721222: fixed in 389-ds-base 1.3.2.9-1
Date: Sun, 23 Feb 2014 15:19:04 +0000

Source: 389-ds-base
Source-Version: 1.3.2.9-1

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 721222@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@ubuntu.com> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 03 Feb 2014 11:08:50 +0200
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.3.2.9-1
Distribution: unstable
Urgency: low
Maintainer: Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaalton@ubuntu.com>
Description: 
 389-ds     - 389 Directory Server suite - metapackage
 389-ds-base - 389 Directory Server suite - server
 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
 389-ds-base-dev - 389 Directory Server suite - development files
 389-ds-base-libs - 389 Directory Server suite - libraries
 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Closes: 704077 704421 718325 721222 730115
Changes: 
 389-ds-base (1.3.2.9-1) unstable; urgency=low
 .
   * New upstream release.
     - fixes CVE-2013-0336 (Closes: #704077)
     - fixes CVE-2013-1897 (Closes: #704421)
     - fixes CVE-2013-2219 (Closes: #718325)
     - fixes CVE-2013-4283 (Closes: #721222)
     - fixes CVE-2013-4485 (Closes: #730115)
   * Drop fix-CVE-2013-0312.diff, upstream.
   * rules: Add new scripts to rename.
   * fix-sasl-path.diff: Use a triplet path to find libsasl2. (LP:
     #1088822)
   * admin_scripts.diff: Add patch from upstream #47511 to fix bashisms.
   * control: Add ldap-utils to -base depends.
   * rules, rename-online-scripts.diff: Some scripts with .pl suffix are
     meant for an online server, so instead of overwriting the offline
     scripts use -online suffix.
   * rules: Enable parallel build, but limit the jobs to 1 for
     dh_auto_install.
   * control: Bump policy to 3.9.5, no changes.
   * rules: Add get-orig-source target.
   * lintian-overrides: Drop obsolete entries, add comments for the rest.
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 25 Mar 2014 07:27:04 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:06:47 2019; Machine Name: beach
