[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP and DH parameter size / LogJam vulnerability

To: Jens Vagelpohl <jens@dataflake.org>, ldap <openldap-technical@openldap.org>
Subject: Re: OpenLDAP and DH parameter size / LogJam vulnerability
From: Howard Chu <hyc@symas.com>
Date: Wed, 15 Jul 2015 17:07:01 +0100
In-reply-to: <B64AD0A3-8E88-4413-B1A9-91E4C9030F25@dataflake.org>
References: <F69610DD-64F7-4F75-9A88-2AAE703AF810@dataflake.org> <20150715151646.GE27475@homeworld.netbsd.org> <55A67DD7.8090201@symas.com> <B64AD0A3-8E88-4413-B1A9-91E4C9030F25@dataflake.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:40.0) Gecko/20100101 Firefox/40.0 SeaMonkey/2.37a1

Jens Vagelpohl wrote:

On 15 Jul 2015, at 17:35 , Howard Chu <hyc@symas.com> wrote:

No ITS needed, this code was already rewritten in HEAD, ITS#7506.


Hi Howard,

Since that ITS is several years old I guess the fix is not in OPENLDAP_REL_ENG_2_4?


Surely you can read the ITS yourself.

https://www.openldap.org/its/index.cgi/Software Bugs?id=7506

The fix is in 2.5.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

Follow-Ups:
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

References:
- OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Emmanuel Dreyfus <manu@netbsd.org>
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Howard Chu <hyc@symas.com>
- Re: OpenLDAP and DH parameter size / LogJam vulnerability
  - From: Jens Vagelpohl <jens@dataflake.org>

Prev by Date: Re: OpenLDAP and DH parameter size / LogJam vulnerability
Next by Date: Re: OpenLDAP and DH parameter size / LogJam vulnerability
Index(es):
- Chronological
- Thread