-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.0 Source: openldap Binary: slapd, slapd-smbk5pwd, ldap-utils, libldap-2.4-2, libldap-2.4-2-dbg, libldap2-dev, slapd-dbg Architecture: any Version: 2.4.31-2 Maintainer: Debian OpenLDAP Maintainers <[email protected]> Uploaders: Roland Bauerschmidt <[email protected]>, Stephen Frost <[email protected]>, Steve Langasek <[email protected]>, Torsten Landschoff <[email protected]>, Matthijs Möhlmann <[email protected]>, Russ Allbery <[email protected]> Homepage: http://www.openldap.org/ Standards-Version: 3.9.1 Vcs-Browser: http://svn.debian.org/wsvn/pkg-openldap/openldap/trunk Vcs-Svn: svn://svn.debian.org/pkg-openldap/openldap/trunk Build-Depends: debhelper (>= 8.9.0~), dpkg-dev (>= 1.16.1), libdb5.1-dev, libgcrypt-dev, libgnutls-dev (>= 1.7), unixodbc-dev, libncurses5-dev, libperl-dev (>= 5.8.0), libsasl2-dev, libslp-dev, libltdl-dev | libltdl3-dev (>= 1.4.3), libwrap0-dev, perl, debconf-utils, po-debconf, quilt (>= 0.46-7), groff-base, time, heimdal-dev, dh-autoreconf Build-Conflicts: autoconf2.13, bind-dev, libbind-dev, libicu-dev Package-List: ldap-utils deb net optional libldap-2.4-2 deb libs standard libldap-2.4-2-dbg deb debug extra libldap2-dev deb libdevel extra slapd deb net optional slapd-dbg deb debug extra slapd-smbk5pwd deb net extra Checksums-Sha1: 864e7b6ba54cc00ef5b834fd5b5739a7900dd6e3 4720612 openldap_2.4.31.orig.tar.gz 1ac7bc70a573680a9adfbbe01fdb5afdaf52f8fc 168099 openldap_2.4.31-2.diff.gz Checksums-Sha256: dff60c1044021217ab97a7bdda5a7016015f042db0fbfd566d52abb266d19239 4720612 openldap_2.4.31.orig.tar.gz 8c373d066e8eedd2190b0cca883b29e27883a41b2d9da9cdde1970a53b283a5e 168099 openldap_2.4.31-2.diff.gz Files: a8631b2202d8099143edb57e36b33dea 4720612 openldap_2.4.31.orig.tar.gz e53283709fbf76177e1e8d8f615a0edc 168099 openldap_2.4.31-2.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVGSZnAAoJEKmDSiJSB45OmjkQALvz0+nIdcSMPkeFLirWfnSD zoyaNWS9H7ZfaCMI+NWjDPIQ3/eZb+S76C+WorZ/1Z0MYroJ4Djsu8bT6IQ6vkoQ N8HqfADk985LdatVLKXSo9r/1H7IHT2G/CP6dKE7AiR38ahsN0uzrYOptZd/5LHj ko52ya0Rd+I81PgIu+Uev98L1m07RRG3/HlblBzobVlXZojd7Ec8iEWZG6xH3kxX kKYgsJFjnD+Bfon+pdmLgcUSgi2TwwnFN0f5SJ1I3Mb9AHA8vnMBtkOs05xXJmKc NScaJNSvZBB4I+i3IpAyqj3AqUp4wvOkGszhvlzHwmglqGm3tLnFuSnw7fbj5GmE 4SRm0M+B68Hwn9/iUUwdZOCt9Yn2XU/xtTqPLJqCfrzekHShtMLxkvhcMGHFEexb pTk5CitJBBcOvkOfqrb6ngxafPjmvLPHA6QOjjzrJtB9Ay+68S+No27Kq+D0FibX M1BEs9Inkgc3WmV+8yibKhLoLFyVpgz3onCC7q9DkLXxRKk08PMNWfVjaQmr7eYt TbnT0CenbkzALLStnpG+r18GngzeqT5CLkIIVXH++a+llLaYrtuBFM5HLdyGEkXN hAnqfSaN4nJdI/nCBqUGud7+JrUfyLCiIypNmjmOJQPtb4UamfNelSb7PIYkYHZO 2ftTWrW8dO14V13JVEse =t0Yq -----END PGP SIGNATURE----- Changes: openldap (2.4.31-2) wheezy-security; urgency=high * Team upload. [ Ryan Tandy ] * debian/slapd.init.ldif: Disallow modifying one's own entry by default, except specific attributes. (CVE-2014-9713) (Closes: #761406) * debian/slapd.{config,templates}: On upgrade, if an access rule begins with "to * by self write", show a debconf note warning that it should be changed. * debian/slapd.README.debian: Add information about how to remove "to * by self write" from existing ACLs. * debian/po/*: Add translations of debconf warning. * debian/patches/ITS8027-deref-reject-empty-attr-list.patch: Import upstream patch to fix a crash when a search includes the Deref control with an empty attribute list. (ITS#8027) (CVE-2015-1545) (Closes: #776988) * debian/patches/ITS7723-fix-reference-counting.patch: Import upstream patch to fix a crash in the rwm overlay when a search is immediately followed by an unbind. (ITS#7723) (CVE-2013-4449) (Closes: #729367) -- Luca Bruno <[email protected]> Mon, 30 Mar 2015 10:03:58 +0200