Format: 1.8
Date: Sun, 19 Nov 2017 17:48:15 +0100
Source: libspring-ldap-java
Binary: libspring-ldap-java libspring-ldap-java-doc
Architecture: source all
Version: 1.3.1.RELEASE-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libspring-ldap-java - Java library for simpler LDAP programming
 libspring-ldap-java-doc - documentation for libspring-ldap-java
Changes:
 libspring-ldap-java (1.3.1.RELEASE-4+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-8028: Tobias Schneider discovered that Spring-LDAP would
     allow authentication with an arbitrary password when the username is
     correct, no additional attributes are bound and when using LDAP
     BindAuthenticator with DefaultTlsDirContextAuthenticationStrategy as the
     authentication strategy and setting userSearch. This occurs because some
     LDAP vendors require an explicit operation for the LDAP bind to take
     effect.