389-ds-base: CVE-2014-3562: unauthenticated information disclosure

Related Vulnerabilities: CVE-2014-3562  

Debian Bug report logs - #757437

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Fri, 8 Aug 2014 06:39:01 UTC

Severity: grave

Tags: security, upstream

Fixed in version 389-ds-base/1.3.2.21-1

Done: Timo Aaltonen <tjaalton@ubuntu.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#757437; Package src:389-ds-base. (Fri, 08 Aug 2014 06:39:06 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Fri, 08 Aug 2014 06:39:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 389-ds-base: CVE-2014-3562: unauthenticated information disclosure
Date: Fri, 08 Aug 2014 08:34:27 +0200
Source: 389-ds-base
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for 389-ds-base.

CVE-2014-3562[0]:
unauthenticated information disclosure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-3562
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1123477 

Regards,
Salvatore



Reply sent to Timo Aaltonen <tjaalton@ubuntu.com>:
You have taken responsibility. (Fri, 08 Aug 2014 09:36:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 08 Aug 2014 09:36:12 GMT)


Message #10 received at 757437-close@bugs.debian.org:

From: Timo Aaltonen <tjaalton@ubuntu.com>
To: 757437-close@bugs.debian.org
Subject: Bug#757437: fixed in 389-ds-base 1.3.2.21-1
Date: Fri, 08 Aug 2014 09:34:15 +0000
Source: 389-ds-base
Source-Version: 1.3.2.21-1

We believe that the bug you reported is fixed in the latest version of
389-ds-base, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 757437@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaalton@ubuntu.com> (supplier of updated 389-ds-base package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 08 Aug 2014 10:48:55 +0300
Source: 389-ds-base
Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg
Architecture: source all amd64
Version: 1.3.2.21-1
Distribution: sid
Urgency: medium
Maintainer: Timo Aaltonen <tjaalton@ubuntu.com>
Changed-By: Timo Aaltonen <tjaalton@ubuntu.com>
Description:
 389-ds     - 389 Directory Server suite - metapackage
 389-ds-base - 389 Directory Server suite - server
 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols
 389-ds-base-dev - 389 Directory Server suite - development files
 389-ds-base-libs - 389 Directory Server suite - libraries
 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols
Closes: 757437
Changes:
 389-ds-base (1.3.2.21-1) unstable; urgency=medium
 .
   * New upstream release.
     - CVE-2014-3562 (Closes: #757437)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 08 Oct 2014 07:31:48 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:18:36 2019; Machine Name: buxtehude
