golang-github-go-ldap-ldap 2.4.1-1+deb9u1 source package in Debian
Changelog
golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium
* Team upload.
* Require explicit intention for empty password.
This is normally used for unauthenticated bind, and
https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
"Clients SHOULD disallow an empty password input to a Name/Password
Authentication user interface"
This is (mostly) a cherry-pick of 95ede12 from upstream, except
the bit in ldap_test.go, which is unrelated to the security issue.
This fixes CVE-2017-14623. (Closes: #876404)
-- Dr. Tobias Quathamer <email address hidden> Wed, 29 Nov 2017 23:45:26 +0100
Upload details
- Uploaded by:
- Debian Go Packaging Team
- Uploaded to:
- Stretch
- Original maintainer:
- Debian Go Packaging Team
- Architectures:
- all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Stretch | release | main | misc |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| golang-github-go-ldap-ldap_2.4.1-1+deb9u1.dsc | 2.2 KiB | ef955905738d97ee3e80273012e2646dbbc919f14b1eeb4f8c7d4ca5b9ab0ac5 |
| golang-github-go-ldap-ldap_2.4.1.orig.tar.gz | 32.9 KiB | 958d8cd684b0578ca16289bcbdcfa25018e7af4c08eb7adc99a5f5a541b29c29 |
| golang-github-go-ldap-ldap_2.4.1-1+deb9u1.debian.tar.xz | 4.5 KiB | 5ed5655409eddf8b0f9df20689cf67a4fdaeee410955721f59cadd498932f118 |
No changes file available.
