Change log for openldap2.2 package in Ubuntu

1-21 of 21 results
Obsolete in dapper-updates
Obsolete in dapper-security
openldap2.2 (2.2.26-5ubuntu2.10) dapper-security; urgency=low

  * SECURITY UPDATE: null ptr deref, free uninitialized data in modrdn calls
    - servers/slapd/modrdn.c: check return for errors and clean up uninitialized data
    - servers/slapd/dn.c: return error on 0-length or binary RDNs
    - servers/slapd/schema_init.c: return error on invalid syntax
    - References
      CVE-2010-0211, CVE-2010-0212
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/modrdn.c.diff?r1=1.170.2.7&r2=1.170.2.8
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/dn.c.diff?r1=1.182.2.15&r2=1.182.2.16
      http://www.openldap.org/devel/cvsweb.cgi/servers/slapd/schema_init.c.diff?r1=1.386.2.39&r2=1.386.2.40
 -- Steve Beattie <email address hidden>   Thu, 29 Jul 2010 16:25:34 -0700
Superseded in dapper-updates
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.9) dapper-security; urgency=low

  * SECURITY UPDATE: SSL certificate bypass with NULL CN byte.
    - libraries/libldap/tls.c: get the last CN and check for length match.
    - http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8&r2=1.12
    - CVE-2009-3767
 -- Marc Deslauriers <email address hidden>   Wed, 11 Nov 2009 11:53:46 -0500
Superseded in dapper-updates
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.8) dapper-security; urgency=high

  * SECURITY UPDATE: denial of service via broken BER decoding.
  * libraries/liblber/io.c: backported upstream fixes.
  * References
    CVE-2008-2952
    http://www.openldap.org/devel/cvsweb.cgi/libraries/liblber/io.c.diff?r1=1.107.2.7&r2=1.107.2.8&hideattic=1&sortbydate=0

 -- Kees Cook <email address hidden>   Thu, 31 Jul 2008 16:14:11 -0700
Superseded in dapper-updates
Deleted in dapper-proposed (Reason: moved to -updates)
openldap2.2 (2.2.26-5ubuntu2.7) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in
    slapd/internal/adminpw to be empty. This fixes the issue with having an
    empty password in the ldap database. Fixes: LP #66925.

 -- Mathias Gug <email address hidden>   Mon,  5 May 2008 18:24:32 -0400
Obsolete in edgy-updates
Obsolete in edgy-security
openldap2.2 (2.2.26-5ubuntu3.3) edgy-security; urgency=low

  * SECURITY UPDATE: slapd crash when using the bdb backend and processing
    crafted modify and modrdn requests
  * patch to back-bdb/add.c, back-bdb/ctxcsn.c, back-bdb/delete.c,
    back-bdb/modify.c, back-bdb/modrdn.c to properly check for NOOP option
  * References:
    CVE-2007-6698
    CVE-2008-0658
    LP: #197077

 -- Jamie Strandboge <email address hidden>   Tue, 04 Mar 2008 09:41:01 -0500
Superseded in dapper-updates
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.6) dapper-security; urgency=low

  * version bump for -proposed version conflict

Deleted in dapper-proposed (Reason: moved to -updates)
openldap2.2 (2.2.26-5ubuntu2.5) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in
   slapd/internal/adminpw to be empty. This fixes the issue with having an
   empty password in the ldap database. LP: #66925.

 -- Mathias Gug <email address hidden>   Fri, 18 Jan 2008 11:45:57 -0500
Superseded in edgy-updates
Superseded in edgy-security
openldap2.2 (2.2.26-5ubuntu3.2) edgy-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list
    when normalization fails in servers/slapd/modify.c
  * References
    CVE-2007-5707
    Fixes LP #163740

 -- Jamie Strandboge <email address hidden>   Fri, 30 Nov 2007 16:16:38 -0500
Superseded in dapper-updates
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.4) dapper-security; urgency=low

  * SECURITY UPDATE: slapd crash when processing crafted modify requests
  * debian/patches/SECURITY_CVE-2007-5707.patch: properly reset slap_mod_list
    when normalization fails in servers/slapd/modify.c
  * References
    CVE-2007-5707
    Fixes LP #163740

 -- Jamie Strandboge <email address hidden>   Fri, 30 Nov 2007 16:20:42 -0500
Superseded in dapper-proposed
openldap2.2 (2.2.26-5ubuntu2.3) dapper-proposed; urgency=low

  * The config scripts are run twice, this causes the password in
    slapd/internal/adminpw to be empty. This fixes the issue with having an
    empty password in the ldap database. Fixes: LP #66925.

 -- Mathias Gug <email address hidden>   Tue, 18 Sep 2007 17:19:35 -0400
Superseded in edgy-updates
Superseded in edgy-security
openldap2.2 (2.2.26-5ubuntu3.1) edgy-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote
    LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done
    in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>   Sat, 11 Nov 2006 12:55:50 -0800
Superseded in dapper-updates
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.2) dapper-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote
    LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done
    in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>   Mon, 20 Nov 2006 13:37:35 -0800
Obsolete in breezy-security
openldap2.2 (2.2.26-3ubuntu0.2) breezy-security; urgency=low

  * SECURITY UPDATE: Denial of service possible with a crafted remote
    LDAP BIND request due to an assert failure.
  * libraries/libldap/getdn.c: check for string end conditions, as done
    in upstream CVS.
  * References
    http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/getdn.c.diff?r1=1.133&r2=1.134
    CVE-2006-5779

 -- Kees Cook <email address hidden>   Mon, 20 Nov 2006 13:43:38 -0800
Deleted in feisty-release (Reason: (From Debian) RoQA; superseded by openldap2.3; RC-buggy (...)
Obsolete in edgy-release
openldap2.2 (2.2.26-5ubuntu3) edgy; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>   Mon, 26 Jun 2006 11:37:55 +0000
Superseded in dapper-security
openldap2.2 (2.2.26-5ubuntu2.1) dapper-security; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>   Mon, 26 Jun 2006 11:37:55 +0000
Superseded in breezy-security
openldap2.2 (2.2.26-3ubuntu0.1) breezy-security; urgency=low

  * SECURITY UPDATE: Crash/arbitrary code execution with crafted host names.
  * servers/slurpd/st.c, St_read():
    - Do not sprintf arbitrarily long strings into fixed-size tbuf.
    - Patch ported from upstream CVS commit:
      http://www.openldap.org/devel/cvsweb.cgi/servers/slurpd/st.c.diff?r1=1.21&r2=1.22&hideattic=1&sortbydate=0&f=u
    - CVE-2006-2754

 -- Martin Pitt <email address hidden>   Mon, 26 Jun 2006 12:04:39 +0000
Superseded in edgy-release
Obsolete in dapper-release
openldap2.2 (2.2.26-5ubuntu2) dapper; urgency=low

  * Create /var/run/slapd in the init script.

 -- Scott James Remnant <email address hidden>   Tue, 11 Apr 2006 02:18:17 +0100
Superseded in dapper-release
openldap2.2 (2.2.26-5ubuntu1) dapper; urgency=low

  * Switch default config to use ssl-cert-snakeoil certificates.
  * Add Depends on ssl-cert.

 -- Fabio M. Di Nitto <email address hidden>   Mon, 13 Feb 2006 08:48:02 +0100
Superseded in dapper-release
openldap2.2 (2.2.26-5build1) dapper; urgency=low


  * Rebuild against openssl 0.9.8.

 -- Martin Pitt <email address hidden>  Mon, 30 Jan 2006 10:48:59 +0000
Superseded in dapper-release
Superseded in dapper-release
Superseded in dapper-release
openldap2.2 (2.2.26-5) unstable; urgency=low


  Steve Langasek <email address hidden>:
  * debian/slapd.templates: Fix typo durin -> during; re-run
    debconf-updatepo, fixing up the fuzzies (closes: #319596).

  Torsten Landschoff <email address hidden>:
  * debian/control: Remove conflicts with ldap-server and ldap-client 
    virtual packages in preparation for new OpenLDAP packages.
  * debian/slapd.scripts-common: Wipe the admin password from the 
    debconf database after installation (closes: #260204).
  * Semi-automatic update of config.sub and config.guess.

 -- Torsten Landschoff <email address hidden>  Mon, 31 Oct 2005 09:06:46 +0100
Obsolete in breezy-release
openldap2.2 (2.2.26-3) unstable; urgency=low


  * [SECURITY] Applied the patch available at 
      http://bugzilla.padl.com/show_bug.cgi?id=210
    to force libldap to really use TLS when requested in /etc/ldap/ldap.conf
    (cf. CAN-2005-2069). Clients still will use libldap2 from openldap2
    source package so this is only to prepare unleashing the libraries of
    OpenLDAP 2.2 for unstable...

 -- Torsten Landschoff <email address hidden>  Sun,  3 Jul 2005 10:41:37 +0200