CVE-2019-14824 (https://nvd.nist.gov/vuln/detail/CVE-2019-14824): A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to view private attributes, such as password hashes.
Upstream patch: https://pagure.io/389-ds-base/c/ddbe3c8fe

   fb3d355..ddbe3c8  master -> master
   becdf20..86776bb  389-ds-base-1.4.1 -> 389-ds-base-1.4.1
   959057c..fca2934  389-ds-base-1.4.0 -> 389-ds-base-1.4.0
   428a8ff..b6ba778  389-ds-base-1.3.10 -> 389-ds-base-1.3.10
Since this package has no maintainers, and since it is not being updated, please consider dropping the package.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=66a48ca5d52d4699c4ef38209dfcad8ebdd149aa

commit 66a48ca5d52d4699c4ef38209dfcad8ebdd149aa
Author:     Sam James (sam_c) <sam@cmpct.info>
AuthorDate: 2020-06-04 18:24:47 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-04 19:14:36 +0000

    net-nds/389-ds-base, dev-libs/389-adminutil: Last rites

    Bug: https://bugs.gentoo.org/655176
    Bug: https://bugs.gentoo.org/701812
    Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 profiles/package.mask | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7414f8c33bb75cd9a4f6a61040886852fcf2afe1

commit 7414f8c33bb75cd9a4f6a61040886852fcf2afe1
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-07-13 04:52:07 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-07-13 04:52:31 +0000

    dev-libs/svrcore: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/655176
    Bug: https://bugs.gentoo.org/701812
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-libs/svrcore/Manifest | 2 -
 dev-libs/svrcore/files/svrcore-4.0.4-gentoo.patch | 100 ----------------------
 dev-libs/svrcore/files/svrcore-4.1-gentoo.patch | 100 ----------------------
 dev-libs/svrcore/metadata.xml | 5 --
 dev-libs/svrcore/svrcore-4.0.4-r1.ebuild | 40 ---------
 dev-libs/svrcore/svrcore-4.1.2.ebuild | 35 --------
 profiles/package.mask | 6 --
 7 files changed, 288 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aef3f76fb5607ea9fcecd97c192a0ab06d224737

commit aef3f76fb5607ea9fcecd97c192a0ab06d224737
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-07-13 04:51:55 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-07-13 04:52:27 +0000

    dev-libs/389-adminutil: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/655176
    Bug: https://bugs.gentoo.org/701812
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 dev-libs/389-adminutil/389-adminutil-1.1.15.ebuild | 46 ----------------------
 dev-libs/389-adminutil/Manifest | 1 -
 dev-libs/389-adminutil/metadata.xml | 5 ---
 profiles/package.mask | 2 -
 4 files changed, 54 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb6602276b3003bcdafd619a28ac6f163f52fb30

commit eb6602276b3003bcdafd619a28ac6f163f52fb30
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2020-07-13 04:50:40 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2020-07-13 04:52:23 +0000

    net-nds/389-ds-base: Remove last-rited pkg

    Bug: https://bugs.gentoo.org/655176
    Bug: https://bugs.gentoo.org/701812
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 net-nds/389-ds-base/389-ds-base-1.3.6.8-r1.ebuild | 126 -------
 net-nds/389-ds-base/389-ds-base-9999.ebuild | 133 --------
 net-nds/389-ds-base/Manifest | 1 -
 ...-base-1.3.6-backport-invalid-password-mig.patch | 376 ---------------------
 net-nds/389-ds-base/files/389-ds-snmp.initd | 44 ---
 net-nds/389-ds-base/files/389-ds.initd-r1 | 90 -----
 net-nds/389-ds-base/metadata.xml | 23 --
 7 files changed, 793 deletions(-)
noglsa, tree clean, closing.