-
ldb (2:2.2.3-0ubuntu0.21.10.2) impish-security; urgency=medium
* Update to 2.2.3 for samba security update
- Removed patches included in new version:
+ CVE-2020-27840-ldb_dn-avoid-head-corruption-in-ldb_d.patch
+ CVE-2020-27840-pytests-move-Dn.validate-test-to-ldb.patch
+ CVE-2021-20277-ldb-attrib_handlers-casefold-stay-in-.patch
+ ldb-add-tests-for-ldb_wildcard_compare.patch
+ CVE-2021-20277-ldb-tests-ldb_match-tests-with-extra-.patch
+ ldb-Remove-tests-from-ldb_match_test-that-do-not-pas.patch
- debian/python3-lsb.symbols.in, debian/libldb2.symbols: added new
symbols.
- debian/patches/Skip_failing_tests.diff: skip tests failing on 32-bit
archs.
- CVE-2020-25718
-- Marc Deslauriers <email address hidden> Tue, 09 Nov 2021 13:39:03 -0500
-
ldb (2:2.2.0-3.1) unstable; urgency=medium
* Non-maintainer upload.
* ldb_dn: avoid head corruption in ldb_dn_explode (CVE-2020-27840)
(Closes: #985936)
* pytests: move Dn.validate test to ldb
* ldb/attrib_handlers casefold: stay in bounds (CVE-2021-20277)
(Closes: #985935)
* ldb: add tests for ldb_wildcard_compare
* ldb tests: ldb_match tests with extra spaces
* ldb: Remove tests from ldb_match_test that do not pass
-- Salvatore Bonaccorso <email address hidden> Fri, 26 Mar 2021 19:52:18 +0100
-
ldb (2:2.2.0-3ubuntu3) impish; urgency=medium
* No-change rebuild due to OpenLDAP soname bump.
-- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:50:03 -0400
-
ldb (2:2.2.0-3ubuntu2) hirsute; urgency=medium
* SECURITY UPDATE: Heap corruption via crafted DN strings
- debian/patches/CVE-2020-27840-1.patch: avoid head corruption in
ldb_dn_explode in common/ldb_dn.c.
- debian/patches/CVE-2020-27840-2.patch: add Dn.validate test to ldb
in tests/python/crash.py, wscript.
- CVE-2020-27840
* SECURITY UPDATE: Out of bounds read in AD DC LDAP server
- debian/patches/CVE-2021-20277-1.patch: add tests for
ldb_wildcard_compare in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-2.patch: ldb_match tests with extra
spaces in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-3.patch: remove tests from
ldb_match_test that do not pass in tests/ldb_match_test.c.
- debian/patches/CVE-2021-20277-4.patch: stay in bounds in
common/attrib_handlers.c.
- CVE-2021-20277
-- Marc Deslauriers <email address hidden> Tue, 30 Mar 2021 13:00:36 -0400