Date: Wed, 15 Mar 2006 00:28:28 GMT From: Panagiotis Christias <p.christias@noc.ntua.gr> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/94457: [patch] www/auth_ldap upgrade to v1.6.1 (vulnerability fix) Message-ID: <200603150028.k2F0SSbK073550@www.freebsd.org> Resent-Message-ID: <200603150030.k2F0UIDQ014109@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 94457 >Category: ports >Synopsis: [patch] www/auth_ldap upgrade to v1.6.1 (vulnerability fix) >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 15 00:30:12 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Panagiotis Christias >Release: FreeBSD 5.3-SECURITY >Organization: National Technical University of Athens >Environment: FreeBSD ajax.noc.ntua.gr 5.3-SECURITY FreeBSD 5.3-SECURITY #0: Tue Feb 28 17:56:44 UTC 2006 root@builder.daemonology.net:/usr/obj/usr/src/sys/SMP i386 >Description: Auth_ldap 1.6.0 was reported having remote format string vulnerabilities. See CVE-2006-0150 (http://www.securityfocus.com/bid/16177). An upgrade to version 1.6.1 is required. Version 1.6.1 needes a patch in order to function properly (verified on our FreeBSD boxes). See: http://www.rudedog.org/pipermail/auth_ldap/2006-January/001710.html >How-To-Repeat: >Fix: A port for version 1.6.1 including the patch was prepared. It is available at: http://noc.ntua.gr/~christia/auth_ldap-1.6.1-port.tar.gz >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200603150028.k2F0SSbK073550>