Format: 1.8
Date: Sun, 19 Nov 2017 17:48:15 +0100
Source: libspring-ldap-java
Binary: libspring-ldap-java libspring-ldap-java-doc
Architecture: source all
Version: 1.3.1.RELEASE-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libspring-ldap-java - Java library for simpler LDAP programming
 libspring-ldap-java-doc - documentation for libspring-ldap-java
Changes:
 libspring-ldap-java (1.3.1.RELEASE-5+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2017-8028:
     Tobias Schneider discovered that Spring-LDAP would allow authentication
     with an arbitrary password when the username is correct, no additional
     attributes are bound and when using LDAP BindAuthenticator with
     DefaultTlsDirContextAuthenticationStrategy as the authentication strategy
     and setting userSearch. This occurs because some LDAP vendors require an
     explicit operation for the LDAP bind to take effect.