Debian Bug report logs -
#834233
389-ds-base: CVE-2016-5416: ACI readable by anonymous user
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
:
Bug#834233
; Package src:389-ds-base
.
(Sat, 13 Aug 2016 15:48:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>
:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
.
(Sat, 13 Aug 2016 15:48:05 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: 389-ds-base
Version: 1.3.3.5-4
Severity: important
Tags: security upstream
Forwarded: https://fedorahosted.org/389/ticket/48852
Hi,
the following vulnerability was published for 389-ds-base. I'm filling
to be able to track it in the BTS (I'm not familiar enough with
389-ds-base, but looks that it's planned to fix that in 1.3.6).
CVE-2016-5416[0]:
ACI readable by anonymous user
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-5416
[1] https://fedorahosted.org/389/ticket/48852
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
:
Bug#834233
; Package src:389-ds-base
.
(Wed, 21 Dec 2016 18:09:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>
:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
.
(Wed, 21 Dec 2016 18:09:02 GMT) (full text, mbox, link).
Message #10 received at 834233@bugs.debian.org (full text, mbox, reply):
On Sat, Aug 13, 2016 at 05:46:19PM +0200, Salvatore Bonaccorso wrote:
> Source: 389-ds-base
> Version: 1.3.3.5-4
> Severity: important
> Tags: security upstream
> Forwarded: https://fedorahosted.org/389/ticket/48852
>
> Hi,
>
> the following vulnerability was published for 389-ds-base. I'm filling
> to be able to track it in the BTS (I'm not familiar enough with
> 389-ds-base, but looks that it's planned to fix that in 1.3.6).
>
> CVE-2016-5416[0]:
> ACI readable by anonymous user
What's the status? It's been four months without a followup to this security
bug...
Cheers,
Moritz
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
:
Bug#834233
; Package src:389-ds-base
.
(Wed, 21 Dec 2016 19:33:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Timo Aaltonen <tjaalton@debian.org>
:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>
.
(Wed, 21 Dec 2016 19:33:05 GMT) (full text, mbox, link).
Message #15 received at 834233@bugs.debian.org (full text, mbox, reply):
On 21.12.2016 20:07, Moritz Muehlenhoff wrote:
> On Sat, Aug 13, 2016 at 05:46:19PM +0200, Salvatore Bonaccorso wrote:
>> Source: 389-ds-base
>> Version: 1.3.3.5-4
>> Severity: important
>> Tags: security upstream
>> Forwarded: https://fedorahosted.org/389/ticket/48852
>>
>> Hi,
>>
>> the following vulnerability was published for 389-ds-base. I'm filling
>> to be able to track it in the BTS (I'm not familiar enough with
>> 389-ds-base, but looks that it's planned to fix that in 1.3.6).
>>
>> CVE-2016-5416[0]:
>> ACI readable by anonymous user
>
> What's the status? It's been four months without a followup to this security
> bug...
Still unfixed upstream.
--
t
Unset Bug forwarded-to-address
Request was from Sandro Tosi <morph@debian.org>
to control@bugs.debian.org
.
(Wed, 13 Jun 2018 22:27:05 GMT) (full text, mbox, link).
Reply sent
to Debian FTP Masters <ftpmaster@ftp-master.debian.org>
:
You have taken responsibility.
(Mon, 14 Jan 2019 17:57:05 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>
:
Bug acknowledged by developer.
(Mon, 14 Jan 2019 17:57:05 GMT) (full text, mbox, link).
Message #22 received at 834233-done@bugs.debian.org (full text, mbox, reply):
Version: 1.4.0.19-3+rm
Dear submitter,
as the package 389-ds-base has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/915510
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
Bug reopened
Request was from Scott Kitterman <scott@kitterman.com>
to control@bugs.debian.org
.
(Mon, 14 Jan 2019 19:06:22 GMT) (full text, mbox, link).
No longer marked as fixed in versions 1.4.0.19-3+rm.
Request was from Scott Kitterman <scott@kitterman.com>
to control@bugs.debian.org
.
(Mon, 14 Jan 2019 19:06:22 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
:
Bug#834233
; Package src:389-ds-base
.
(Mon, 14 Jan 2019 19:18:17 GMT) (full text, mbox, link).
Acknowledgement sent
to Scott Kitterman <debian@kitterman.com>
:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>
.
(Mon, 14 Jan 2019 19:18:17 GMT) (full text, mbox, link).
Message #31 received at 834233@bugs.debian.org (full text, mbox, reply):
On Mon, 14 Jan 2019 17:54:40 +0000 Debian FTP Masters <ftpmaster@ftp-master.debian.org> wrote:
> Version: 1.4.0.19-3+rm
...
Package was removed in error.
Bug reopened.
Scott K
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:42:00 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.