godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-01 13:49:03 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
windows-toolchain
buildroot/package/openldap
History
Fabrice Fontaine 3b72c7f8d9 package/openldap: security bump to version 2.4.57 
Fixes the following security issues:

- CVE-2020-36221: An integer underflow was discovered in OpenLDAP before
  2.4.57 leading to slapd crashes in the Certificate Exact Assertion
  processing, resulting in denial of service (schema_init.c
  serialNumberAndIssuerCheck).

- CVE-2020-36222: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  an assertion failure in slapd in the saslAuthzTo validation, resulting in
  denial of service.

- CVE-2020-36223: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  a slapd crash in the Values Return Filter control handling, resulting in
  denial of service (double free and out-of-bounds read).

- CVE-2020-36224: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  an invalid pointer free and slapd crash in the saslAuthzTo processing,
  resulting in denial of service.

- CVE-2020-36225: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  a double free and slapd crash in the saslAuthzTo processing, resulting in
  denial of service.

- CVE-2020-36226: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  a memch->bv_len miscalculation and slapd crash in the saslAuthzTo
  processing, resulting in denial of service.

- CVE-2020-36227: A flaw was discovered in OpenLDAP before 2.4.57 leading to
  an infinite loop in slapd with the cancel_extop Cancel operation,
  resulting in denial of service.

- CVE-2020-36228: An integer underflow was discovered in OpenLDAP before
  2.4.57 leading to a slapd crash in the Certificate List Exact Assertion
  processing, resulting in denial of service.

- CVE-2020-36229: A flaw was discovered in ldap_X509dn2bv in OpenLDAP before
  2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring,
  resulting in denial of service.

- CVE-2020-36230: A flaw was discovered in OpenLDAP before 2.4.57 leading in
  an assertion failure in slapd in the X.509 DN parsing in decode.c
  ber_next_element, resulting in denial of service.

https://www.openldap.org/software/release/changes.html

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 46c4c9684d)
[Peter: mark as security bump, add CVE info]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-01-28 19:34:13 +01:00
..
0001-fix_cross_strip.patch
0002-fix-bignum.patch
package/openldap: security bump to version 2.4.56
2020-12-24 12:48:45 +01:00
0003-disable-docs.patch
0004-revert-ITS-3977-fix-libtool-static-behavior-to-match.patch
package/openldap: fix static linking wih atomics
2019-03-31 21:15:48 +02:00
Config.in
openldap.hash
package/openldap: security bump to version 2.4.57
2021-01-28 19:34:13 +01:00
openldap.mk
package/openldap: security bump to version 2.4.57
2021-01-28 19:34:13 +01:00