-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: openldap Binary: slapd, slapd-smbk5pwd, ldap-utils, libldap-2.4-2, libldap-2.4-2-dbg, libldap2-dev, slapd-dbg Architecture: any Version: 2.4.40+dfsg-1+deb8u1 Maintainer: Debian OpenLDAP Maintainers <[email protected]> Uploaders: Roland Bauerschmidt <[email protected]>, Steve Langasek <[email protected]>, Torsten Landschoff <[email protected]>, Matthijs Möhlmann <[email protected]>, Timo Aaltonen <[email protected]>, Ryan Tandy <[email protected]> Homepage: http://www.openldap.org/ Standards-Version: 3.9.1 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-openldap/openldap.git Vcs-Git: git://anonscm.debian.org/pkg-openldap/openldap.git Build-Depends: debhelper (>= 8.9.0~), dpkg-dev (>= 1.16.1), libdb5.3-dev, nettle-dev, libgnutls28-dev, unixodbc-dev, libncurses5-dev, libperl-dev (>= 5.8.0), libsasl2-dev, libslp-dev, libltdl-dev | libltdl3-dev (>= 1.4.3), libwrap0-dev, perl, po-debconf, quilt (>= 0.46-7), groff-base, time, heimdal-multidev, dh-autoreconf Build-Conflicts: autoconf2.13, bind-dev, libbind-dev, libicu-dev Package-List: ldap-utils deb net optional arch=any libldap-2.4-2 deb libs standard arch=any libldap-2.4-2-dbg deb debug extra arch=any libldap2-dev deb libdevel extra arch=any slapd deb net optional arch=any slapd-dbg deb debug extra arch=any slapd-smbk5pwd deb net extra arch=any Checksums-Sha1: b80c48f2b7cbf634a3d463b7eb4ca38f081ce2eb 4797667 openldap_2.4.40+dfsg.orig.tar.gz bed31b94ef1e525f565b22a55eb501aeb8b42c2b 179239 openldap_2.4.40+dfsg-1+deb8u1.diff.gz Checksums-Sha256: 86c0326dc3dc5f1a9b3c25f7106b96f3eafcdf5da090b1fc586dec57d56e0e7f 4797667 openldap_2.4.40+dfsg.orig.tar.gz ae1b31e084f4b3e086d26787816175959d166ec406c9bcfce8f6fbe46ad4062a 179239 openldap_2.4.40+dfsg-1+deb8u1.diff.gz Files: 8d84a916e2312aade2a3d7b2308a9a69 4797667 openldap_2.4.40+dfsg.orig.tar.gz c286cfcce9a00059b260a9c1257be7d9 179239 openldap_2.4.40+dfsg-1+deb8u1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV8updAAoJEAVMuPMTQ89E28kP/0hgJwho9RJKg1p4pZfhFbud 1Aet6cF3YxXKP+LOta84NpSZQSdZzCFjNNQczP8Mq7FzU7R6gNGZ/r1nmNQskLGd HVH7u0NgXN5svsPTD4HnZMz9lvOJeoC1ZmGApm+nGAXyRl4faQCJQ5fTuTOr0sbM YXe/Kxq2n4brdtJ6XEM4+Y6SWO5oBTwdf2A46iHvZnOxfY0MzxP1DlOLOWqbVtPv Z/zKwcyOd4hw2ablGI7YK7yQMnWZc06UY+OKm1DkrbF7/P8Hs5LXRrGmsE4WW0QL Q0t1hrI9y6P9ZKeVjsTxHNPLmUT6hO4oJJAa62Qcjzi6vTLq9Y/7+KiADOSdIZuv T024h2Ny3KC5BIkh7O0EPiZrwU7dmm2+1aJTo6eFlzmttleaN6mtfRj2ElfwB343 FtTkHX2QQp5PmEZdEV9wbDySmQNe8lKzUSexm7p/8a0GMqBW3XKFxSHm6GyQQYSJ kJSAgqEI086J2RqtlklQRE+U1TSe54xakVizxJl+k/v91OeCRuFp2wqks7Cnz3B1 nysfQX6JOsiHuOMBjMJB2C3GFpmnWwQafAp+U6kFDV0eY4T+zXWkG4CKSAoOgTtF xnixnKnypDvpBd0eUBuHAObImfVtXQ2QFw9X27GqDWRKEaC3auMywBpwaAuh7aFn B4wbMB5LmobxiBOkXn1k =obZh -----END PGP SIGNATURE----- Changes: openldap (2.4.40+dfsg-1+deb8u1) jessie-security; urgency=high * Non-maintainer upload by the Security Team. * Add ITS8240-remove-obsolete-assert.patch patch. Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (CVE-2015-6908, Closes: #798622) -- Salvatore Bonaccorso <[email protected]> Fri, 11 Sep 2015 10:30:43 +0200