Publishing details

• Published on 2018-03-10

Changelog

golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium

  * Team upload.
  * Require explicit intention for empty password.
    This is normally used for unauthenticated bind, and
    https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
    "Clients SHOULD disallow an empty password input to a Name/Password
    Authentication user interface"
    This is (mostly) a cherry-pick of 95ede12 from upstream, except
    the bit in ldap_test.go, which is unrelated to the security issue.
    This fixes CVE-2017-14623. (Closes: #876404)

 -- Dr. Tobias Quathamer <email address hidden>  Wed, 29 Nov 2017 23:45:26 +0100

Builds

Package files

• golang-github-go-ldap-ldap_2.4.1-1+deb9u1.debian.tar.xz (4.5 KiB)
• golang-github-go-ldap-ldap_2.4.1-1+deb9u1.dsc (2.2 KiB)
• golang-github-go-ldap-ldap_2.4.1.orig.tar.gz (32.9 KiB)