Re: (ITS#8543) CVE-2015-3276: incorrect multi-keyword mode cipherstring parsing



>> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several
>> attempts at finding the bug reported in your mailing list archive
>> I came up empty.  So ...  The best I've found from this CVE is
>> RedHat's bugzilla entry at
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1238322
>>
>> which contains a (suggested) patch.
>
> We can integrate a suggested fix if the patch author submits their
> patch to our ITS directly. Due to IPR concerns we don't accept or act
> on 3rd party patch submissions.

Hm, ok.  I've submitted an update to the above bug entry
petitioning for them to release the fix.  We'll see if they act
on it.

Regards,

- Håvard