Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 78776
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 78776 depends on: Show dependency tree
Bug 78776 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-01-19 23:08 0000 
LDAP is very forgiving about spaces in search filters and this could be abused
to log in using several variants of the login name, possibly bypassing explicit
access controls or confusing accounting

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-01-19 23:09:57 0000 ------- 
Andrew please apply.

------- Comment #2 From Andrew Bevitt 2005-01-21 03:43:15 0000 ------- 
Fixes in 2.5.7-r3 just in cvs now.

Patchset : 20050121

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-01-21 04:06:39 0000 ------- 
Thx Andrew.

Security please vote on GLSA for this one.

------- Comment #4 From Thierry Carrez (RETIRED) 2005-01-21 05:49:43 0000 ------- 
I would vote NO. Squid has suffered enough already, and it could be considered
a simple bug.

------- Comment #5 From Sune Kloppenborg Jeppesen 2005-01-23 04:49:53 0000 ------- 
I vote for no GLSA as well. If another issue pops up we might include it.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-02-02 12:38:18 0000 ------- 
GLSA 200502-04
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug