[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#8543) CVE-2015-3276: incorrect multi-keyword mode cipherstring parsing
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8543) CVE-2015-3276: incorrect multi-keyword mode cipherstring parsing
- From: he@NetBSD.org
- Date: Wed, 14 Dec 2016 12:45:30 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
>> CVE-2015-3276 appears to be unfixed in 2.4.44, and from several
>> attempts at finding the bug reported in your mailing list archive
>> I came up empty. So ... The best I've found from this CVE is
>> RedHat's bugzilla entry at
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=3D1238322
>>
>> which contains a (suggested) patch.
>
> We can integrate a suggested fix if the patch author submits their
> patch to our ITS directly. Due to IPR concerns we don't accept or act=
> on 3rd party patch submissions.
Hm, ok. I've submitted an update to the above bug entry
petitioning for them to release the fix. We'll see if they act
on it.
Regards,
- H=E5vard