-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.0 Source: openldap Binary: slapd, slapd-smbk5pwd, ldap-utils, libldap-2.4-2, libldap-2.4-2-dbg, libldap2-dev, slapd-dbg Architecture: any Version: 2.4.31-2+deb7u1 Maintainer: Debian OpenLDAP Maintainers <[email protected]> Uploaders: Roland Bauerschmidt <[email protected]>, Stephen Frost <[email protected]>, Steve Langasek <[email protected]>, Torsten Landschoff <[email protected]>, Matthijs Möhlmann <[email protected]>, Russ Allbery <[email protected]> Homepage: http://www.openldap.org/ Standards-Version: 3.9.1 Vcs-Browser: http://svn.debian.org/wsvn/pkg-openldap/openldap/trunk Vcs-Svn: svn://svn.debian.org/pkg-openldap/openldap/trunk Build-Depends: debhelper (>= 8.9.0~), dpkg-dev (>= 1.16.1), libdb5.1-dev, libgcrypt-dev, libgnutls-dev (>= 1.7), unixodbc-dev, libncurses5-dev, libperl-dev (>= 5.8.0), libsasl2-dev, libslp-dev, libltdl-dev | libltdl3-dev (>= 1.4.3), libwrap0-dev, perl, debconf-utils, po-debconf, quilt (>= 0.46-7), groff-base, time, heimdal-dev, dh-autoreconf Build-Conflicts: autoconf2.13, bind-dev, libbind-dev, libicu-dev Package-List: ldap-utils deb net optional arch=any libldap-2.4-2 deb libs standard arch=any libldap-2.4-2-dbg deb debug extra arch=any libldap2-dev deb libdevel extra arch=any slapd deb net optional arch=any slapd-dbg deb debug extra arch=any slapd-smbk5pwd deb net extra arch=any Checksums-Sha1: 864e7b6ba54cc00ef5b834fd5b5739a7900dd6e3 4720612 openldap_2.4.31.orig.tar.gz 6d23d6050c9a17ff5b8dd8bbae6a547b1dd4b938 166309 openldap_2.4.31-2+deb7u1.diff.gz Checksums-Sha256: dff60c1044021217ab97a7bdda5a7016015f042db0fbfd566d52abb266d19239 4720612 openldap_2.4.31.orig.tar.gz 703c9d535627b129e299f0801b9322f7374e01efe6a07d82ffd692ecf4fb2875 166309 openldap_2.4.31-2+deb7u1.diff.gz Files: a8631b2202d8099143edb57e36b33dea 4720612 openldap_2.4.31.orig.tar.gz 07879ddc80e0d93bc058cca59dc94175 166309 openldap_2.4.31-2+deb7u1.diff.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJV8uzvAAoJEAVMuPMTQ89EX3MQAJVdSbWE6KZQIXkvQjWlMhui e92s9LRTeoowoULimlF+KU72vMy7/NWRPG/tzhEyNK9/BIrORQZcbEBJ9vY7tODv /7Los4FM2zBbRaKNsHWnZcHDG1tTB4hCqmt6sEjfjZs9ujKKkluT+24cBJq3hKYY Xk/TnKSWnjaNbaFl9GNjBBgrH8IKauHYAuSPeiGtyPeYE5KumVZJRbEVHuLXm85I wgUloZoAURkua5cgfKGxYqLJ0wcgCYNs18hPRlFPz5LPODtGrS/9Bw3T8UoFHt8j oZKTZiqW5hAzYnJFYJBKpy4D1Sok24i0wvE8xNP2L/dGARbOROBmmxD4FJT8khgO SrysYaM+UYao3iahhfRr181q1ghEt+rGIt5uwEpl0HZWgZt9SX9oTRP8Ad+raNW1 /TvdVY0lsamnTIrYGyIeCM0E6g/KLyV8ZLX4opLlAt1EyidWIRoUs2a3qVicsqIf s3EdX00KmfBSCekAGr0maHY/W+k1SsnbdgI9e6jmQb46+NZhfbBtaWq0Ft19DBau cqxhNzMLmlELsZklYqgqV6ebjR11HkIgKpKlS2TTnUcGCl3KkDZKSdcJhB93BfRg SKC2AM238SfGlwKymvD5ePKs1AHWSFWrnueWXuu9wEsgKaVshoKjudvj915UkQN3 I942zVheDocEejQH7Tfm =myFn -----END PGP SIGNATURE----- Changes: openldap (2.4.31-2+deb7u1) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add ITS8240-remove-obsolete-assert.patch patch. Import upstream patch to remove an unnecessary assert(0) that could be triggered remotely by an unauthenticated user by sending a malformed BER element. (CVE-2015-6908, Closes: #798622) -- Salvatore Bonaccorso <[email protected]> Fri, 11 Sep 2015 13:02:05 +0200