Re: (ITS#3632) 2 buggy getpeername calls in client library will result in crash of clients




--On Tuesday, April 05, 2005 08:39:20 AM -0700 "Kurt D. Zeilenga"
<Kurt@OpenLDAP.org> wrote:

> First, this should not be marked as a major security issue
> (see notes on submission page).  I have cleared this
> indicator and, through my inclusion below, now make this
> report public.

Ok.

> Second, 2.0 (as well as 2.1) are Historic.  You should
> encourage your packager to provide more recent versions
> of OpenLDAP Software, such as the latest "stable" release.
> It contains many security-related fixes that remain in
> final releases on the 2.0 and 2.1 branches.

Hmm, Red Hat's Enterprise Linux policy is that they try to avoid changing
major versions during updates (that's one reason why they want money for
their update service, they have hard work on backporting...)

Anyway, perhaps you can release a 2.0.27a version...this would make RH's
life easier...

Regards,
        Peter
-- 
Dr. Peter Bieringer                     http://www.bieringer.de/pb/
GPG/PGP Key 0x958F422D               mailto: pb at bieringer dot de 
Deep Space 6 Co-Founder and Core Member  http://www.deepspace6.net/