Format: 1.8
Date: Tue, 02 Feb 2021 11:06:34 -0500
Source: openldap
Binary: ldap-utils libldap-2.4-2 libldap2-dev slapd slapd-contrib slapi-dev
Architecture: riscv64 riscv64_translations
Version: 2.4.49+dfsg-2ubuntu1.6
Distribution: focal
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd - OpenLDAP server (slapd)
 slapd-contrib - contributed plugins for OpenLDAP slapd
 slapi-dev - development libraries for OpenLDAP SLAPI plugin interface
Changes:
 openldap (2.4.49+dfsg-2ubuntu1.6) focal-security; urgency=medium
 .
   * SECURITY UPDATE: integer underflow in Certificate Exact Assertion processing
     - debian/patches/CVE-2020-36221-1.patch: fix serialNumberAndIssuerCheck in servers/slapd/schema_init.c.
     - debian/patches/CVE-2020-36221-2.patch: fix serialNumberAndIssuerCheck in servers/slapd/schema_init.c.
     - CVE-2020-36221
   * SECURITY UPDATE: assert failure in saslAuthzTo validation
     - debian/patches/CVE-2020-36222-1.patch: remove saslauthz asserts in servers/slapd/saslauthz.c.
     - debian/patches/CVE-2020-36222-2.patch: fix debug msg in servers/slapd/saslauthz.c.
     - CVE-2020-36222
   * SECURITY UPDATE: crash in Values Return Filter control handling
     - debian/patches/CVE-2020-36223.patch: fix vrfilter double-free in servers/slapd/controls.c.
     - CVE-2020-36223
   * SECURITY UPDATE: DoS in saslAuthzTo processing
     - debian/patches/CVE-2020-36224-1.patch: use ch_free on normalized DN in servers/slapd/saslauthz.c.
     - debian/patches/CVE-2020-36224-2.patch: use slap_sl_free in prev commit in servers/slapd/saslauthz.c.
     - CVE-2020-36224
   * SECURITY UPDATE: DoS in saslAuthzTo processing
     - debian/patches/CVE-2020-36225.patch: fix AVA_Sort on invalid RDN in servers/slapd/dn.c.
     - CVE-2020-36225
   * SECURITY UPDATE: DoS in saslAuthzTo processing
     - debian/patches/CVE-2020-36226.patch: fix slap_parse_user in servers/slapd/saslauthz.c.
     - CVE-2020-36226
   * SECURITY UPDATE: infinite loop in cancel_extop Cancel operation
     - debian/patches/CVE-2020-36227.patch: fix cancel exop in servers/slapd/cancel.c.
     - CVE-2020-36227
   * SECURITY UPDATE: DoS in Certificate List Exact Assertion processing
     - debian/patches/CVE-2020-36228.patch: fix issuerAndThisUpdateCheck in servers/slapd/schema_init.c.
     - CVE-2020-36228
   * SECURITY UPDATE: DoS in X.509 DN parsing in ad_keystring
     - debian/patches/CVE-2020-36229.patch: add more checks to ldap_X509dn2bv in libraries/libldap/tls2.c.
     - CVE-2020-36229
   * SECURITY UPDATE: DoS in X.509 DN parsing in ber_next_element
     - debian/patches/CVE-2020-36230.patch: check for invalid BER after RDN count in libraries/libldap/tls2.c.
     - CVE-2020-36230
Original-Maintainer: Debian OpenLDAP Maintainers