-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 01 Jun 2017 18:34:18 +0100 Source: openldap Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg libldap2-dev slapd-dbg Architecture: source amd64 Version: 2.4.31-2+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Description: ldap-utils - OpenLDAP utilities libldap-2.4-2 - OpenLDAP libraries libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries libldap2-dev - OpenLDAP development libraries slapd - OpenLDAP server (slapd) slapd-dbg - Debugging information for the OpenLDAP server (slapd) slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd. Closes: 863563 Changes: openldap (2.4.31-2+deb7u3) wheezy-security; urgency=high . * CVE-2017-9287: search.c was prone to a double free vulnerability. A user with access to search the directory could crash slapd by issuing a search including the "Paged Results" control with a page size of 0. (Closes: #863563) Checksums-Sha1: dc6d567d45976c38421a17da70be838c8db62510 2752 openldap_2.4.31-2+deb7u3.dsc 864e7b6ba54cc00ef5b834fd5b5739a7900dd6e3 4720612 openldap_2.4.31.orig.tar.gz 445f3e4113cf511037190ca49a9abd26bafc5a31 166505 openldap_2.4.31-2+deb7u3.diff.gz f97d60488e9adbe1585faaca90342201775c0094 1769292 slapd_2.4.31-2+deb7u3_amd64.deb d3bf4cdc800890c295e53835cf371d68893a4249 79816 slapd-smbk5pwd_2.4.31-2+deb7u3_amd64.deb 1e6b8607994bf846c9d32e3b3124ea19970bc122 346170 ldap-utils_2.4.31-2+deb7u3_amd64.deb e7e370c80dbfcf987815b6d468480d9c9dd19f04 244112 libldap-2.4-2_2.4.31-2+deb7u3_amd64.deb 97d7d3395a82543188ce2162a7bdcb1e1c4c765e 475172 libldap-2.4-2-dbg_2.4.31-2+deb7u3_amd64.deb 776d2ebe84ae7ae48896924aa8801d4ea99349df 558162 libldap2-dev_2.4.31-2+deb7u3_amd64.deb 2b18742549e5539e993514245679d26671c8c1a6 5524606 slapd-dbg_2.4.31-2+deb7u3_amd64.deb Checksums-Sha256: 0b62e62a3a4494b75b57f304ed1fdc46d5aa58d6080759431941067b461b52df 2752 openldap_2.4.31-2+deb7u3.dsc dff60c1044021217ab97a7bdda5a7016015f042db0fbfd566d52abb266d19239 4720612 openldap_2.4.31.orig.tar.gz 699983d42003b2c7402703c33510007c64daafbdf90250199e56bdaf40537aaa 166505 openldap_2.4.31-2+deb7u3.diff.gz 5c30863545eeeec8e1a9dd1aea111d6afa88930f5482eb65bcbeafec7ccf102f 1769292 slapd_2.4.31-2+deb7u3_amd64.deb af483bc69301bdd6e5357517e3295844fc22b08ab0047a632d296bb1114b98c8 79816 slapd-smbk5pwd_2.4.31-2+deb7u3_amd64.deb 8a1579c45e17746eed6ea41dacff093144ede6ea6e86d0b081b25e1f58208ec3 346170 ldap-utils_2.4.31-2+deb7u3_amd64.deb e4b10b0162c096afbfce3a2c4f0519f0f8200c3a12d37f207fe818515ee2ac17 244112 libldap-2.4-2_2.4.31-2+deb7u3_amd64.deb aea08dfd6ff2443e2661dca69f26b56804414d27d18b5f5e2f5db850558ca162 475172 libldap-2.4-2-dbg_2.4.31-2+deb7u3_amd64.deb 248437f2e403ebfea5aeaf1b58ccc6bd86d9443e4af80a2d2947ae2697509b0e 558162 libldap2-dev_2.4.31-2+deb7u3_amd64.deb 6f2c8096a6b2fe61c8e189a6cf5d947dbdbd50f2795690381c7ebee5076a0da5 5524606 slapd-dbg_2.4.31-2+deb7u3_amd64.deb Files: d685010b9f8b1eaf5f656dcfa1983443 2752 net optional openldap_2.4.31-2+deb7u3.dsc a8631b2202d8099143edb57e36b33dea 4720612 net optional openldap_2.4.31.orig.tar.gz 572edd5783afb48beead8026dcf59f94 166505 net optional openldap_2.4.31-2+deb7u3.diff.gz 9efe10fe8286b80c4fe8a4cf2fd53382 1769292 net optional slapd_2.4.31-2+deb7u3_amd64.deb 163b6941221b07ff6491eb88ec1c4fc1 79816 net extra slapd-smbk5pwd_2.4.31-2+deb7u3_amd64.deb 18431dd7b0436282b9f1d3e9fc81d4b5 346170 net optional ldap-utils_2.4.31-2+deb7u3_amd64.deb f6932e272ca8bf82333818efda88d521 244112 libs standard libldap-2.4-2_2.4.31-2+deb7u3_amd64.deb 99f5f17443a22e55733d8e9a57724c92 475172 debug extra libldap-2.4-2-dbg_2.4.31-2+deb7u3_amd64.deb 8b2292cba74de52b409e2b4c21c3c5aa 558162 libdevel extra libldap2-dev_2.4.31-2+deb7u3_amd64.deb df465e8d855c872b544cb8b09a78b002 5524606 debug extra slapd-dbg_2.4.31-2+deb7u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlkwjUEACgkQHpU+J9Qx HlgbPQ/9GkjZEjC6/MtAp+hfTTFoaCxP/3Re5dQv7xJNmX0tL2YhyYhKjx53IGBt zZCaJ4ut6MoP7m+BNYZPruvZCkQDRRuLhb2u8WbK6t7hh5+HJ5czShkSl5OozbBg ve5okKIPtWXQH+sSnZolRXwA/In0WWn3VAHfimxqcJ7WELb0hJ3TtxKm837Cljmz OS0G2b8kKStY17fLnoIzCt65u9ymKfRjpLiOMbVzVzU0hCTR4ttzGsBfdfbVC6gF PjPwsU8Oe49xuCIOQzZHLtbdyYdPYqAebFuYgMeysstkvQewRGLdNgK0Cerg8WYh yapStFnN9c30xyqJDKSHqHTKJmC/XAt6UOxPKAmW53SDjcbu6epp+bF2C1g5Ccfp VgMidXoogZBAN6yGjPVM3xABw4q7js6Pyydc3wfMYDHTuI/pV3Sk1XefOl9IPV0A H/oYn0xcTxm4SdqndLWJok/N1VF72mU4+WeQcwGRR/Q7/vY4r0N4xMfrk9ACOkUh Du5n5M7vcXkOfsz1PuuXDXInawMV38xiLTxe3BrRP+BKvh9RwMZIZURxomrMHVqr B1glaFptfiInJtovyKfNAahqiH1bn13Msa2Nca4CfOAS1wAnSkw+BJoa0aqL4Q34 AXYb8bZsw5JVMWcyQkad5y3LkWe4sy5nh5noqYbPHqNibtjGVIM= =RsSI -----END PGP SIGNATURE-----
