389-ds-base: CVE-2016-5416: ACI readable by anonymous user

Related Vulnerabilities: CVE-2016-5416  

Debian Bug report logs - #834233

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 13 Aug 2016 15:48:01 UTC

Severity: important

Tags: security, upstream

Found in version 389-ds-base/1.3.3.5-4



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#834233; Package src:389-ds-base. (Sat, 13 Aug 2016 15:48:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Sat, 13 Aug 2016 15:48:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: 389-ds-base: CVE-2016-5416: ACI readable by anonymous user
Date: Sat, 13 Aug 2016 17:46:19 +0200
Source: 389-ds-base
Version: 1.3.3.5-4
Severity: important
Tags: security upstream
Forwarded: https://fedorahosted.org/389/ticket/48852

Hi,

the following vulnerability was published for 389-ds-base. I'm filing
to be able to track it in the BTS (I'm not familiar enough with
389-ds-base, but looks that it's planned to fix that in 1.3.6).

CVE-2016-5416[0]:
ACI readable by anonymous user

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5416
[1] https://fedorahosted.org/389/ticket/48852

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#834233; Package src:389-ds-base. (Wed, 21 Dec 2016 18:09:02 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Wed, 21 Dec 2016 18:09:02 GMT).


Message #10 received at 834233@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 834233@bugs.debian.org
Subject: Re: 389-ds-base: CVE-2016-5416: ACI readable by anonymous user
Date: Wed, 21 Dec 2016 19:07:11 +0100

On Sat, Aug 13, 2016 at 05:46:19PM +0200, Salvatore Bonaccorso wrote:
> Source: 389-ds-base
> Version: 1.3.3.5-4
> Severity: important
> Tags: security upstream
> Forwarded: https://fedorahosted.org/389/ticket/48852
> 
> Hi,
> 
> the following vulnerability was published for 389-ds-base. I'm filing
> to be able to track it in the BTS (I'm not familiar enough with
> 389-ds-base, but looks that it's planned to fix that in 1.3.6).
> 
> CVE-2016-5416[0]:
> ACI readable by anonymous user

What's the status? It's been four months without a followup to this security
bug...

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>:
Bug#834233; Package src:389-ds-base. (Wed, 21 Dec 2016 19:33:05 GMT).


Acknowledgement sent to Timo Aaltonen <tjaalton@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian 389ds Team <pkg-fedora-ds-maintainers@lists.alioth.debian.org>. (Wed, 21 Dec 2016 19:33:05 GMT).


Message #15 received at 834233@bugs.debian.org:

From: Timo Aaltonen <tjaalton@debian.org>
To: Moritz Muehlenhoff <jmm@inutil.org>, 834233@bugs.debian.org
Subject: Re: [Pkg-fedora-ds-maintainers] Bug#834233: 389-ds-base: CVE-2016-5416: ACI readable by anonymous user
Date: Wed, 21 Dec 2016 21:30:56 +0200

On 21.12.2016 20:07, Moritz Muehlenhoff wrote:
> On Sat, Aug 13, 2016 at 05:46:19PM +0200, Salvatore Bonaccorso wrote:
>> Source: 389-ds-base
>> Version: 1.3.3.5-4
>> Severity: important
>> Tags: security upstream
>> Forwarded: https://fedorahosted.org/389/ticket/48852
>>
>> Hi,
>>
>> the following vulnerability was published for 389-ds-base. I'm filing
>> to be able to track it in the BTS (I'm not familiar enough with
>> 389-ds-base, but looks that it's planned to fix that in 1.3.6).
>>
>> CVE-2016-5416[0]:
>> ACI readable by anonymous user
> 
> What's the status? It's been four months without a followup to this security
> bug...

Still unfixed upstream.


-- 
t



Unset Bug forwarded-to-address Request was from Sandro Tosi <morph@debian.org> to control@bugs.debian.org. (Wed, 13 Jun 2018 22:27:05 GMT).


Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Mon, 14 Jan 2019 17:57:05 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 14 Jan 2019 17:57:05 GMT).


Message #22 received at 834233-done@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 834233-done@bugs.debian.org,912224-done@bugs.debian.org,
Cc: 389-ds-base@packages.debian.org
Subject: Bug#915510: Removed package(s) from unstable
Date: Mon, 14 Jan 2019 17:54:40 +0000
Version: 1.4.0.19-3+rm

Dear submitter,

as the package 389-ds-base has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/915510

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)



Bug reopened Request was from Scott Kitterman <scott@kitterman.com> to control@bugs.debian.org. (Mon, 14 Jan 2019 19:06:22 GMT).


No longer marked as fixed in versions 1.4.0.19-3+rm. Request was from Scott Kitterman <scott@kitterman.com> to control@bugs.debian.org. (Mon, 14 Jan 2019 19:06:22 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>:
Bug#834233; Package src:389-ds-base. (Mon, 14 Jan 2019 19:18:17 GMT).


Acknowledgement sent to Scott Kitterman <debian@kitterman.com>:
Extra info received and forwarded to list. Copy sent to Debian FreeIPA Team <pkg-freeipa-devel@alioth-lists.debian.net>. (Mon, 14 Jan 2019 19:18:17 GMT).


Message #31 received at 834233@bugs.debian.org:

From: Scott Kitterman <debian@kitterman.com>
To: 834233@bugs.debian.org
Subject: Re: Bug#915510: Removed package(s) from unstable
Date: Mon, 14 Jan 2019 14:15:28 -0500

On Mon, 14 Jan 2019 17:54:40 +0000 Debian FTP Masters <ftpmaster@ftp-master.debian.org> wrote:
> Version: 1.4.0.19-3+rm
...

Package was removed in error.

Bug reopened.

Scott K




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:42:00 2019; Machine Name: buxtehude
