Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
From: Leo Famulari
Subject: Re: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908
Date: Sat, 23 Apr 2016 20:58:49 -0400
User-agent: Mutt/1.5.24 (2015-08-30)

On Fri, Apr 22, 2016 at 11:28:20PM -0400, Mark H Weaver wrote:
> Leo Famulari <address@hidden> writes:
>
> > There is a remote denial of service bug in OpenLDAP in version 2.4.42
> > and earlier [0].
>
> I think we'll need to graft this. Would you like to try grafting it on
> your own system, see if anything obvious breaks, and then report back?

I've attached a patch that does seem to work, but as discussed on IRC,
it's ugly. Specifically, I've hand-coded the version into the URI string
rather than setting the "version" field.

Again, your advice requested...

Attachment: 0001-gnu-openldap-Update-to-2.4.44-fixes-CVE-2015-6908.patch
Description: Text Data