[Pkg-openldap-devel] [openldap] 01/01: Imported Debian patch 2.4.41+dfsg-1ubuntu2

Ryan Tandy rtandy-guest at moszumanska.debian.org
Sun Dec 13 16:49:39 UTC 2015


This is an automated email from the git hooks/post-receive script.

rtandy-guest pushed a commit to branch ubuntu/master
in repository openldap.

commit a99f2a7401f316e738df772f4302103531e0de92
Author: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Date:   Mon Sep 14 10:25:04 2015 -0400

    Imported Debian patch 2.4.41+dfsg-1ubuntu2
---
 debian/changelog                   |  9 +++++++++
 debian/patches/CVE-2015-6908.patch | 25 +++++++++++++++++++++++++
 debian/patches/series              |  1 +
 3 files changed, 35 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 462254f..3f513b6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+openldap (2.4.41+dfsg-1ubuntu2) wily; urgency=medium
+
+  * SECURITY UPDATE: denial of service via crafted BER data
+    - debian/patches/CVE-2015-6908.patch: remove obsolete assert in
+      libraries/liblber/io.c.
+    - CVE-2015-6908
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 14 Sep 2015 10:25:04 -0400
+
 openldap (2.4.41+dfsg-1ubuntu1) wily; urgency=medium
 
   * Merge from Debian testing (LP: #1471831). Remaining changes:
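Review bot: The new 2.4.41+dfsg-1ubuntu2 entry names the CVE and the file touched but not the upstream issue. The imported patch's subject line is "ITS#8240 remove obsolete assert", so adding "ITS#8240" to the debian/patches/CVE-2015-6908.patch bullet would let a reader trace the fix upstream without opening the patch file. It would also help to state in the SECURITY UPDATE line that the denial of service is a process abort from an assert, since that is what the patch removes.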
diff --git a/debian/patches/CVE-2015-6908.patch b/debian/patches/CVE-2015-6908.patch
new file mode 100644
index 0000000..5db3662
--- /dev/null
+++ b/debian/patches/CVE-2015-6908.patch
@@ -0,0 +1,25 @@
+From 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc at openldap.org>
+Date: Thu, 10 Sep 2015 00:37:32 +0100
+Subject: [PATCH] ITS#8240 remove obsolete assert
+
+---
+ libraries/liblber/io.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libraries/liblber/io.c b/libraries/liblber/io.c
+index 85c3e23..c05dcf8 100644
+--- a/libraries/liblber/io.c
++++ b/libraries/liblber/io.c
+@@ -679,7 +679,7 @@ done:
+ 		return (ber->ber_tag);
+ 	}
+ 
+-	assert( 0 ); /* ber structure is messed up ?*/
++	/* invalid input */
+ 	return LBER_DEFAULT;
+ }
+ 
+-- 
+1.7.10.4
+
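Review bot: In the io.c hunk, the replacement comment "/* invalid input */" is too terse for a line that previously aborted the process. With the assert gone the function falls through to "return LBER_DEFAULT;", and the changelog describes the triggering input as crafted BER data, so the comment should say that this path is reachable from peer-supplied data and must return an error instead of asserting. The hunk shows only the return itself, so it is worth confirming that callers treat LBER_DEFAULT as a decode failure and stop processing the element. The embedded patch header also has an empty body after the Subject line; a short description plus origin and bug references (the upstream commit 6fe51a9ab04fd28bbc171da3cf12f1c1040d6629, ITS#8240, CVE-2015-6908) would make the file self-describing in debian/patches.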
diff --git a/debian/patches/series b/debian/patches/series
index 3f1fe5a..945a184 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -24,3 +24,4 @@ no-bdb-ABI-second-guessing
 heimdal-fix
 ITS6035-olcauthzregex-needs-restart.patch
 fix-ldap-distribution.patch
+CVE-2015-6908.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openldap/openldap.git


