[Pkg-openldap-devel] Bug#448644: Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service
Matthijs Mohlmann
matthijs at cacholong.nl
Mon Nov 5 10:13:24 UTC 2007
Russ Allbery wrote:
> Nico Golde <nion at debian.org> writes:
>
>> Hi,
>> attached is a proposal for an NMU.
>> It will be archived on:
>> http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch
>
> I'm not sure why we would do this rather than just package 2.3.39.
> Wouldn't the latter be a better idea for unstable? (For the stable
> security release, of course, we should just cherry-pick the one fix,
> assuming it applies to the stable version, which I haven't checked.)
>
> Also, 2.4 is now officially released, so we should really switch to that
> ASAP so that we can get rid of 2.2. I'll send more mail about that later
> this week, though, since that's going to be a complex transition.
> Upgrading to the upstream 2.3.39 release should be simple.
>
Upgrade to 2.3.39 is I think the better choice here and after that we
can make the switch to 2.4. And now that 2.4 is officially released I
can add some initially packaging for 2.4 in svn.
Regards,
Matthijs Mohlmann
More information about the Pkg-openldap-devel
mailing list