Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908

From:	Leo Famulari
Subject:	Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
Date:	Sat, 23 Apr 2016 20:58:49 -0400
User-agent:	Mutt/1.5.24 (2015-08-30)

On Fri, Apr 22, 2016 at 11:28:20PM -0400, Mark H Weaver wrote:
> Leo Famulari <address@hidden> writes:
> 
> > There is a remote denial of service bug in OpenLDAP in version 2.4.42
> > and earlier [0].
> 
> I think we'll need to graft this.  Would you like to try grafting it on
> your own system, see if anything obvious breaks, and then report back?

I've attached a patch that does seem to work, but as discussed on IRC,
it's ugly. Specifically, I've hand-coded the version into the URI string
rather than setting the "version" field.

Again, your advice requested...

0001-gnu-openldap-Update-to-2.4.44-fixes-CVE-2015-6908.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908, Leo Famulari, 2016/04/21
- [PATCH 1/1] gnu: openldap: Update to 2.4.44 [fixes CVE-2015-6908]., Leo Famulari, 2016/04/21
- Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908, Mark H Weaver, 2016/04/22
  - Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908, Leo Famulari <=
  - Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908, Leo Famulari, 2016/04/23
- Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908, Leo Famulari, 2016/04/24

Prev by Date: Re: [PATCH 0/2] Update Python to current versions
Next by Date: Re: [PATCH] tar bombs and muscle
Previous by thread: Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
Next by thread: Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
Index(es):
- Date
- Thread