RHBZ 1905565 - CVE-2020-35518 389-ds-base: information disclosure during the binding of a DN

Target version also includes a non CVE'd information disclosure fix:
RHBZ 1909675 - RHDS11: “write” permission of ACI changes ns-slapd’s behavior on search operation
Thank you for the report! Though please note we only set a version restriction in the summary once a fixed version is actually in tree.

Red Hat advisory: https://access.redhat.com/errata/RHSA-2021:0599
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=621368e61de5f83f5dae1b57b4ff006a6693b986

commit 621368e61de5f83f5dae1b57b4ff006a6693b986
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2021-02-17 16:38:46 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-22 15:03:29 +0000

    net-nds/389-ds-base: remove vulnerable

    Bug: https://bugs.gentoo.org/771135
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Closes: https://github.com/gentoo/gentoo/pull/19505
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-nds/389-ds-base/389-ds-base-1.4.4.9.ebuild | 275 -------------------------
 net-nds/389-ds-base/Manifest | 37 ----
 2 files changed, 312 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f50467b8b65e752dd92ab170955e9cdc021b4f58

commit f50467b8b65e752dd92ab170955e9cdc021b4f58
Author:     Robert Förster <Dessa@gmake.de>
AuthorDate: 2021-02-17 16:37:43 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-22 15:03:29 +0000

    net-nds/389-ds-base: bump to 1.4.4.13 with fix for CVE-2020-35518

    Bug: https://bugs.gentoo.org/771135
    Package-Manager: Portage-3.0.14, Repoman-3.0.2
    Signed-off-by: Robert Förster <Dessa@gmake.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-nds/389-ds-base/389-ds-base-1.4.4.13.ebuild | 304 +++++++++++++++++++++
 net-nds/389-ds-base/Manifest | 65 +++++
 .../files/389-ds-base-1.4.4.13-libxcrypt.patch | 66 +++++
 3 files changed, 435 insertions(+)
Thank you! All done.