-
ldb (2:2.4.4-0ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: Access controlled AD LDAP attributes can be discovered
- debian/patches/CVE-2023-0614-*.patch: upstream patches to fix the
issue.
- debian/libldb2.symbols: added new symbols.
- CVE-2023-0614
-- Marc Deslauriers <email address hidden> Thu, 30 Mar 2023 08:16:21 -0400
-
ldb (2:2.4.4-0ubuntu0.20.04.1) focal-security; urgency=medium
* Update to 2.4.4 for samba security update
- Removed patches included in new version:
+ Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
+ CVE-2021-3670.patch
+ CVE-2022-32745_6-06.patch
+ CVE-2022-32745_6-10.patch
+ CVE-2022-32745_6-11.patch
+ CVE-2022-32745_6-12.patch
+ CVE-2022-32745_6-13.patch
- debian/*symbols*: added new symbols.
- debian/control: bump tdb Build-Depends to 1.4.4, talloc to 2.3.3,
and tevent to 0.11.0.
-- Marc Deslauriers <email address hidden> Thu, 23 Feb 2023 10:29:16 -0500
-
ldb (2:2.2.3-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: MaxQueryDuration not honoured in Samba AD DC LDAP
- debian/patches/CVE-2021-3670.patch: Confirm the request has not yet
timed out in ldb filter processing in ldb_key_value/ldb_kv.c,
ldb_key_value/ldb_kv.h, ldb_key_value/ldb_kv_index.c,
ldb_key_value/ldb_kv_search.c.
- CVE-2021-3670
* SECURITY UPDATE: use-after-free via LDAP add or modify request
- debian/patches/CVE-2022-32745_6-06.patch: Use LDB_FLAG_MOD_TYPE()
for flags equality check in modules/rdn_name.c.
- debian/patches/CVE-2022-32745_6-10.patch: Add flag to mark message
element values as shared in common/ldb_msg.c, include/ldb_module.h.
- debian/patches/CVE-2022-32745_6-11.patch: Ensure shallow copy
modifications do not affect original message in common/ldb_msg.c,
include/ldb.h.
- debian/patches/CVE-2022-32745_6-12.patch: Add functions for appending
to an ldb_message in common/ldb_msg.c, include/ldb.h.
- debian/patches/CVE-2022-32745_6-13.patch: Make use of functions for
appending to an ldb_message in ldb_map/ldb_map.c,
ldb_map/ldb_map_inbound.c, modules/rdn_name.c.
- CVE-2022-32746
* debian/libldb2.symbols: added new symbols.
-- Marc Deslauriers <email address hidden> Mon, 18 Jul 2022 07:57:54 -0400
-
ldb (2:2.2.3-0ubuntu0.20.04.2) focal-security; urgency=medium
* Update to 2.2.3 for samba security update
- Removed patches included in new version:
+ CVE-2020-27840-1.patch
+ CVE-2020-27840-2.patch
+ CVE-2021-20277-1.patch
+ CVE-2021-20277-2.patch
+ CVE-2021-20277-3.patch
+ CVE-2021-20277-4.patch
- Updated patches from Impish package:
+ Skip-test_guid_indexed_v1_db-on-mips64el-ppc64el-ia6.patch
+ Fix-FTBFS-Increase-the-over-estimation-for-sparse-fi.patch
+ Skip-ldb_lmdb_free_list_test-on-ppc64el-ppc64-and-sp.patch
- debian/*symbols*: added new symbols.
- debian/patches/Skip_failing_tests.diff: skip tests failing on 32-bit
archs.
- debian/control: bump tdb Build-Depends to 1.4.3, bump talloc
Build-Depends to 2.3.1, bump tevent Build-Depends to 0.10.2.
- CVE-2020-25718
-- Marc Deslauriers <email address hidden> Mon, 01 Nov 2021 07:50:21 -0400
-
ldb (2:2.0.10-0ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: Heap corruption via crafted DN strings
- debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
ldb_dn_explode in common/ldb_dn.c.
- debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
in tests/python/crash.py, wscript.
- CVE-2020-27840
* SECURITY UPDATE: Out of bounds read in AD DC LDAP server
- debian/patches/CVE-2021-20277-1.patch: add tests for
ldb_wildcard_compare in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
spaces in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-3.patch: remove tests from
ldb_match_test that do not pass in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-4.patch: stay in bounds in
common/attrib_handlers.c.
- CVE-2021-20277
-- Marc Deslauriers <email address hidden> Wed, 24 Mar 2021 08:01:45 -0400
-
ldb (2:2.0.10-0ubuntu0.20.04.2) focal-security; urgency=medium
* No change rebuild to pick up riscv64 build.
-- Marc Deslauriers <email address hidden> Fri, 18 Sep 2020 14:30:35 -0400
-
ldb (2:2.0.10-0ubuntu0.20.04.1) focal-security; urgency=medium
* Updated to 2.0.10 to fix samba security issue.
- debian/*.symbols*: added new 2.0.10 symbols.
-- Marc Deslauriers <email address hidden> Fri, 24 Apr 2020 07:40:31 -0400
-
ldb (2:2.0.8-2) unstable; urgency=medium
[ Andreas Hasenack ]
* d/python3-ldb.symbols*: update symbols for python 3.8 (Closes: #953331)
-- Mathieu Parent <email address hidden> Mon, 09 Mar 2020 11:05:52 +0100
-
ldb (2:2.0.8-1ubuntu1) focal; urgency=medium
* d/python3-ldb.symbols*: update symbols for python 3.8
-- Andreas Hasenack <email address hidden> Mon, 27 Jan 2020 15:12:42 -0300
-
ldb (2:2.0.8-1) unstable; urgency=medium
[ Debian Janitor ]
* Use dh $@ sequencer.
[ Mathieu Parent ]
* d/watch: Remove outdated dversionmangle
* d/watch: Pin to ldb 2.0.x (for samba 4.11)
* New upstream version 2.0.8
- Update symbols
* Standards-Version: 4.5.0, no change
* d/control: libldb-dev Depends libtevent-dev
-- Mathieu Parent <email address hidden> Mon, 27 Jan 2020 10:45:29 +0100
-
ldb (2:2.0.7-4build1) focal; urgency=medium
* No-change rebuild to build with python3.8.
-- Matthias Klose <email address hidden> Sat, 25 Jan 2020 05:41:55 +0000
-
ldb (2:2.0.7-4) unstable; urgency=medium
[ Debian Janitor ]
* Update standards version to 4.4.1, no changes needed.
[ Mathieu Parent ]
* Only build on default python3 (Closes: #942669)
-- Mathieu Parent <email address hidden> Sun, 17 Nov 2019 14:42:51 +0100
-
ldb (2:1.5.5-0ubuntu3) focal; urgency=medium
* No-change rebuild to build with python3.8.
-- Matthias Klose <email address hidden> Fri, 18 Oct 2019 18:07:41 +0000
-
ldb (2:1.5.5-0ubuntu2) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
-- Matthias Klose <email address hidden> Thu, 05 Sep 2019 10:55:57 +0000
