389-ds-base: CVE-2021-3514

Related Vulnerabilities: CVE-2021-3514   CVE-2021-3480  

Debian Bug report logs - #988727
389-ds-base: CVE-2021-3514


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 18 May 2021 18:33:05 UTC

Severity: grave

Tags: security

Fixed in version 389-ds-base/1.4.4.11-2

Done: Timo Aaltonen <tjaalton@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>:
Bug#988727; Package 389-ds-base. (Tue, 18 May 2021 18:33:07 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>. (Tue, 18 May 2021 18:33:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-3514 CVE-2021-3480
Date: Tue, 18 May 2021 20:30:52 +0200
Package: 389-ds-base
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

CVE-2021-3514:
https://github.com/389ds/389-ds-base/issues/4711

CVE-2021-3480:
https://bugzilla.redhat.com/show_bug.cgi?id=1944640
https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master

Cheers,
	 Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>:
Bug#988727; Package 389-ds-base. (Tue, 18 May 2021 19:09:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>. (Tue, 18 May 2021 19:09:06 GMT).


Message #10 received at 988727@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 988727@bugs.debian.org
Subject: Re: Bug#988727: CVE-2021-3514 CVE-2021-3480
Date: Tue, 18 May 2021 21:07:36 +0200
Control: clone -1 -2
Control: retitle -1 389-ds-base: CVE-2021-3514
Control: reassign -2 src:slapi-nis 0.56.5-1
Control: retitle -2 slapi-nis: CVE-2021-3480

Hi,

On Tue, May 18, 2021 at 08:30:52PM +0200, Moritz Muehlenhoff wrote:
> Package: 389-ds-base
> Severity: grave
> Tags: security
> X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> 
> CVE-2021-3514:
> https://github.com/389ds/389-ds-base/issues/4711
> 
> CVE-2021-3480:
> https://bugzilla.redhat.com/show_bug.cgi?id=1944640
> https://pagure.io/slapi-nis/c/c7417ea2d534712e559b56ed45baa91c5d3d44db?branch=master

I believe CVE-2021-3480 is actually in src:slapi-nis according to the
above information.

Cloning this bug to track it in slapi-nis for CVE-2021-3480.

Regards,
Salvatore



Bug 988727 cloned as bug 988736. Request was from Salvatore Bonaccorso <carnil@debian.org> to 988727-submit@bugs.debian.org. (Tue, 18 May 2021 19:09:07 GMT).


Changed Bug title to '389-ds-base: CVE-2021-3514' from 'CVE-2021-3514 CVE-2021-3480'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 988727-submit@bugs.debian.org. (Tue, 18 May 2021 19:09:07 GMT).


Reply sent to Timo Aaltonen <tjaalton@debian.org>:
You have taken responsibility. (Wed, 19 May 2021 11:51:09 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 19 May 2021 11:51:09 GMT).


Message #19 received at 988727-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 988727-close@bugs.debian.org
Subject: Bug#988727: fixed in 389-ds-base 1.4.4.11-2
Date: Wed, 19 May 2021 11:48:29 +0000
Source: 389-ds-base
Source-Version: 1.4.4.11-2
Done: Timo Aaltonen <tjaalton@debian.org>

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988727@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@debian.org> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 19 May 2021 14:22:15 +0300
Source: 389-ds-base
Built-For-Profiles: noudeb
Architecture: source
Version: 1.4.4.11-2
Distribution: unstable
Urgency: medium
Maintainer: Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
Changed-By: Timo Aaltonen <tjaalton@debian.org>
Closes: 988727
Changes:
 389-ds-base (1.4.4.11-2) unstable; urgency=medium
 .
   * 4711-SIGSEV-with-sync_repl-4738.patch: Fix CVE-2021-3514. (Closes:
     #988727)





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 19 12:43:30 2021; Machine Name: bembo
