-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 16 Jan 2025 17:16:37 +0100 Source: 389-ds-base Architecture: source Version: 2.3.1+dfsg1-1+deb12u1 Distribution: bookworm Urgency: high Maintainer: Debian FreeIPA Team Changed-By: Andrej Shadura Closes: 1072531 1082852 Changes: 389-ds-base (2.3.1+dfsg1-1+deb12u1) bookworm; urgency=high . * Non-maintainer upload. * Apply security patches from the upstream: - CVE-2024-2199 and CVE-2024-8445: Crash when modifying userPassword using malformed input (Closes: #1072531, #1082852). - CVE-2024-5953: Denial of service while attempting to log in with a user with a malformed hash in their password. - CVE-2024-3657: Failure on the directory server with specially-crafted LDAP query leading to denial of service. Checksums-Sha1: bfb4ed5fee0e7c6ed00f3a2e35668aa8df1eef76 2540 389-ds-base_2.3.1+dfsg1-1+deb12u1.dsc a071aac285455e98379a1e29ceedc860c8787553 809312 389-ds-base_2.3.1+dfsg1-1+deb12u1.debian.tar.xz ffa22e094fe788dd0765c2d6d05028019af20032 9744 389-ds-base_2.3.1+dfsg1-1+deb12u1_source.buildinfo Checksums-Sha256: f9eb6f7be99d37194c97583a4008da35f80752ef5c8d7ede20674cb65ea31b99 2540 389-ds-base_2.3.1+dfsg1-1+deb12u1.dsc b332d6dc8972f8ebe040f27838347e34b62b7970df8292cc3010c9986f70f9ab 809312 389-ds-base_2.3.1+dfsg1-1+deb12u1.debian.tar.xz fcf3b62efe14fea2a685a678e8c949a1cce2652726bec76bb0980cd8dbcd83bb 9744 389-ds-base_2.3.1+dfsg1-1+deb12u1_source.buildinfo Files: f2960b245d5c167a7dda68301e5b9c04 2540 net optional 389-ds-base_2.3.1+dfsg1-1+deb12u1.dsc 1f00892886123e83e00edc4da3559c38 809312 net optional 389-ds-base_2.3.1+dfsg1-1+deb12u1.debian.tar.xz 80356db35e31afcf8a61dd695621f8c4 9744 net optional 389-ds-base_2.3.1+dfsg1-1+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQSD3NF/RLIsyDZW7aHoRGtKyMdyYQUCZ4vcLwAKCRDoRGtKyMdy YXE6AP9hN4RMsq5P6Fwz1+nOkpqLsgqnjEM4C2pruh27ZK5N1wD/R31L2t9lfLZC jeYuRYiQNUs0bpmo+LMNxLlZb0o8JAM= =K0uK -----END PGP SIGNATURE-----