HI!
This ITS was answered with won't fix / send patches: https://www.openldap.org/its/index.cgi?findid=8759
But in the meantime somebody assigned a CVE number to it: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
The SUSE folks added a patch:
https://build.opensuse.org/package/view_file/network:ldap/openldap2/0017-Fix...
Could anybody review this and comment whether it makes sense at all?
If the patch is correct would it make sense to release it with 2.4.47?
Ciao, Michael.
Michael Ströder wrote:
> HI!
> This ITS was answered with won't fix / send patches: https://www.openldap.org/its/index.cgi?findid=8759
> But in the meantime somebody assigned a CVE number to it: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17740
> The SUSE folks added a patch:
> https://build.opensuse.org/package/view_file/network:ldap/openldap2/0017-Fix...
> Could anybody review this and comment whether it makes sense at all?
> If the patch is correct would it make sense to release it with 2.4.47?
If the patch is correct, the original patch author must submit it to the ITS.
The CVE makes no sense, since as already noted in the ITS, the bug is caused by the nops overlay which is in contrib, and not officially part of OpenLDAP Software.