Date: Thu, 21 Jan 2010 22:00:19 GMT From: Arthur de Jong <arthur@arthurdejong.org> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/142963: [UPDATE] net/nss_ldapd: update to 0.7.2 Message-ID: <201001212200.o0LM0J70059229@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/142963; it has been noted by GNATS. From: Arthur de Jong <arthur@arthurdejong.org> To: bug-followup@FreeBSD.org, freebsd@omnilan.de Cc: Subject: Re: ports/142963: [UPDATE] net/nss_ldapd: update to 0.7.2 Date: Thu, 21 Jan 2010 22:35:26 +0100 --=-UWOO0XvwyeEXUzM0vTLO Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable By chance I came across this page: http://www.freebsd.org/cgi/query-pr.cgi?pr=3Dports/142963 which suggests that a security vulnerability has been found in nss-pam-ldapd 0.7.1. This is not correct. Release 0.7.2 does not fix any known security problems. The confusion is probably a result of this security advisory: http://arthurdejong.org/nss-pam-ldapd/news.html#20091122 The problem was fixed a in nss-ldapd version 0.6.11. At the time it was unclear that the previous behaviour had security implications. When this became clear a security advisory was issued. See the link above for more details. Anyway, thanks for packaging nss-pam-ldapd (though I don't fully understand the thing with rootbinddn). --=20 -- arthur - arthur@arthurdejong.org - http://arthurdejong.org -- --=-UWOO0XvwyeEXUzM0vTLO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAABAgAGBQJLWMiHAAoJECqLdGgQ4K/BS0oQAJmxvILtg4j0vEnokI2iSb+G CMQxmVsgeGA3aim7kxW1//7gv02UVZi2aDwS0uC0CTG7JJt9fbjXRdxwuo7jgEOm SpYUOqJ9sBK93ZQisy+23XgK7OPcP4gnXUebxGzSIb6soHo3HOXEa6c9YEIgC0r0 EeWx0Fnvh6B9BTdjTKJ29OIpy8JiNAD6tAjJQHctQXsq8NCFE88veGDHerrLp598 3vsxCKn3rPEWnJ4GFOGZRSErZpU3iQ3YsNAC5AmH3KBM1KH1YJC9+UpCw4MCAavb GLwEafY7w/yESTyGDolKi3xyekEyfMlPbkzwBywNYjOjanHEyP/nKtq6+MTLVLfW DsXWLba2Ws4p/wlmYvbXlY2RTCbz98oXyzbhznicvfCTDUivjrTOL3J/3Ez57td0 o7RBbsSN4aTVg/Pv6HsKZeFubHudbnovULI3ThIpZ4NlM4S2Qk/AEngJT8c4SiIK qkvtm0Gbn2PtXKeFzBTeuLXTZb0Ca92fzkgAzwlSkmlUzSSFSFDciWM3T1KTGDu/ CEcRVkwLneGnsSwQynp0bZ95WHsR6Dxv3+IvAoKqH2eYaFV0MeBIloMkeZH/xifg rZdQ/S9omGCsWgrSxWRuKdWYFsrGZY4MKlY1guS0Egl7iw1Ckql+HWcEiZCNtlI+ ZnRWG/BU/bmt3hBxfduU =2ZPN -----END PGP SIGNATURE----- --=-UWOO0XvwyeEXUzM0vTLO--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001212200.o0LM0J70059229>