[Pkg-openldap-devel] Bug#448644: Bug#448644: Bug#448644: CVE-2007-5708 remote denial of service

[Nico Golde]

Hi Matthijs,
* Matthijs Mohlmann <matthijs at cacholong.nl> [2007-11-05 11:19]:
> Russ Allbery wrote:
> >Nico Golde <nion at debian.org> writes:
> >>attached is a proposal for an NMU.
> >>It will be archived on:
> >>http://people.debian.org/~nion/nmu-diff/openldap2.3-2.38-1_2.3.38-1.1.patch
> >I'm not sure why we would do this rather than just package 2.3.39.
> >Wouldn't the latter be a better idea for unstable?  (For the stable
> >security release, of course, we should just cherry-pick the one fix,
> >assuming it applies to the stable version, which I haven't checked.)
> >Also, 2.4 is now officially released, so we should really switch to that
> >ASAP so that we can get rid of 2.2.  I'll send more mail about that later
> >this week, though, since that's going to be a complex transition.
> >Upgrading to the upstream 2.3.39 release should be simple.
> 
> Upgrade to 2.3.39 is I think the better choice here and after that we can make 
> the switch to 2.4. And now that 2.4 is officially released I can add some 
> initially packaging for 2.4 in svn.

Sure upgrading to 2.3.39 is a better choice! There was no 
feedback yet to this bug report and it would be nice to see 
this fixed as soon as possible. Please go ahead and package 
the new upstream version then. Please consider to upload a 
version with the patch if this would keep this bug unfixed 
for a longer time.
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20071105/cfe346dd/attachment-0001.pgp