CVE-2014-3562 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-3562): Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. This bug is fixed in 389 DS version 1.3.2.22.
Either someone volunteers for maintaining this or we treeclean this stuff: net-nds/389-ds-base app-admin/389-ds-console
Someone volunteered to maintain it in bug #573262.
net-nds/389-ds-base vulnerable version removed, and version bumped in commit 5a7174bf7122309eee568651fb5f3413155f9fc2. Maintainers are working on the other one, so please don't remove from the tree.
Hi, We have updated 389-ds-base to 1.3.4.7. This should resolve the issue. Thanks,
No vulnerable versions in tree.
This bug is still referred to as the masking reason for a number of packages:

# NP-Hardass <NP-Hardass@gentoo.org> (05 Feb 2016)
# Security issues bug #536334. Under investigation by maintainer.
app-admin/389-ds-console
net-nds/389-admin
app-admin/389-admin-console
www-apps/389-dsgw

Please either lastrite the packages or well... proceed with your investigation.
The referenced packages are not affected by this security bug. @maintainer, the mask was left in place for your action.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89f76b9d39daac88c27d6e211152dd3d6e4f714c
Neither wibrown nor myself are listed as maintainer on these remaining packages. Upstream says they are defunct. Last rite them I guess?
(In reply to Wes from comment #9)
> Neither wibrown nor myself are listed as maintainer on these remaining
> packages. Upstream says they are defunct. Last rite them I guess?

I've opened #589592 to take care of that without spamming secteam ;-).