[Pkg-openldap-devel] Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service

[Russ Allbery]

Nico Golde <nion at debian.org> writes:

> Hi,
> attached is a proposal for an NMU.
> It will be archived on:
> http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch

I'm not sure why we would do this rather than just package 2.3.39.
Wouldn't the latter be a better idea for unstable?  (For the stable
security release, of course, we should just cherry-pick the one fix,
assuming it applies to the stable version, which I haven't checked.)

Also, 2.4 is now officially released, so we should really switch to that
ASAP so that we can get rid of 2.2.  I'll send more mail about that later
this week, though, since that's going to be a complex transition.
Upgrading to the upstream 2.3.39 release should be simple.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>