[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#8385) Use After Free of struct ldap_common in slap_client_connect

On Mon, Mar 14, 2016 at 8:04 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
> The Debian/Ubuntu maintainers are quite aware of the problems with using
> GnuTLS, and maintain they cannot use OpenSSL due to licensing issues,
> despite the fact every other major distribution uses OpenSSL (except RHEL,
> which switched to MozNSS which resulted in much disaster, and is likely
> going to switch back to OpenSSL).
> There is no reason you cannot use OpenSSL, regardless of what
> Debian/Ubuntu's broken decisions are.
> --Quanah

Quanah, thank you for your reply. However, I do not want to engage in
a political discussion, particularly on the matter that is beyond my
control. It is also out of topic, as the bug discussed here was in
libldap code, and not in GnuTLS. I would like to again thank Howard
for his work on this bug and coming up with a working fix very
quickly. Unless any new issue related to this bug or the fix comes to
light, I think we can consider the matter closed.

Maciej Puzio