-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 15 Feb 2013 23:00:00 +0100 Source: nss-pam-ldapd Binary: nslcd libnss-ldapd libpam-ldapd Architecture: source i386 Version: 0.7.15+squeeze3 Distribution: stable-security Urgency: high Maintainer: Arthur de Jong <adejong@debian.org> Changed-By: Arthur de Jong <adejong@debian.org> Description: libnss-ldapd - NSS module for using LDAP as a naming service libpam-ldapd - PAM module for using LDAP as an authentication service nslcd - Daemon for NSS and PAM lookups using LDAP Closes: 690319 Changes: nss-pam-ldapd (0.7.15+squeeze3) stable-security; urgency=high . * SECURITY FIX: Garth Mollett discovered that a file descriptor overflow issue in the use of FD_SET() in nss-pam-ldapd can lead to a stack-based buffer overflow (CVE-2013-0288) this bug has been fixed by extra range checking before calling FD_SET() (backported from 0.7.18) (closes: #690319) Checksums-Sha1: 74d6294f8494935e8407c3f4c8f450677d8cf383 1142 nss-pam-ldapd_0.7.15+squeeze3.dsc 9a71f6bc8d4519861157791e1b09893f7d68033b 483209 nss-pam-ldapd_0.7.15+squeeze3.tar.gz ad380b1387a8e05f8718c90bfc64959dc08a9416 124832 nslcd_0.7.15+squeeze3_i386.deb 67d26c73529145501d6b8d08ce60f8417c2c7c6f 44468 libnss-ldapd_0.7.15+squeeze3_i386.deb 726684972650c80d9a1f2d51deba2e5524509eb2 37472 libpam-ldapd_0.7.15+squeeze3_i386.deb Checksums-Sha256: 243377a5c851698a643927267bde4ee5cbaa2d3e5b1c480dcac6c88a06ea0072 1142 nss-pam-ldapd_0.7.15+squeeze3.dsc bbd6854b26737a359214dd165c274c5e5f905910435637846d344b9b0ccba1c7 483209 nss-pam-ldapd_0.7.15+squeeze3.tar.gz 8ca51147c8169692b48f14bc8ec5d5e373af4f4b0e5044ffb4ebe1c9d0c292f5 124832 nslcd_0.7.15+squeeze3_i386.deb 65e6ad584a61bf59f754481b0e5e39cbd8e8717ca9db4e7df5110ed3f56a6ecb 44468 libnss-ldapd_0.7.15+squeeze3_i386.deb bf8f59339ed29568cde696e9250101ed9b5e97f3cbf04017efacb3fcabd8dc33 37472 libpam-ldapd_0.7.15+squeeze3_i386.deb Files: fc48b10e580b56af18b2b119717d6f33 1142 admin extra nss-pam-ldapd_0.7.15+squeeze3.dsc 5f9edfb4ade313548c0747c9c32833e9 483209 admin extra nss-pam-ldapd_0.7.15+squeeze3.tar.gz ab5df81db46f8a8d70d80b0e2b333035 124832 admin extra nslcd_0.7.15+squeeze3_i386.deb e1dfb2d446bab6d23f324c9d757c3c6b 44468 admin extra libnss-ldapd_0.7.15+squeeze3_i386.deb e4097601e0f10ac0b8b47bec2e84a169 37472 admin extra libpam-ldapd_0.7.15+squeeze3_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAlEesSMACgkQVYan35+NCKcIsACdHIv3skq6t9waNmUQ5JYuH/pc n8UAoKj0jbMpbPePeEzFqO0huFCnIHdm =I1iO -----END PGP SIGNATURE-----