File _patchinfo of Package patchinfo.25422

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.25422

<patchinfo incident="25422">
  <issue tracker="bnc" id="1202470">VUL-0: CVE-2022-2850: 389-ds: SIGSEGV in sync_repl</issue>
  <issue tracker="cve" id="2022-2850"/>
  <issue tracker="bnc" id="1199908">openldap_to_ds failing with: AttributeError: 'str' object has no attribute 'values'</issue>
  <packager>firstyear</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for 389-ds</summary>
  <description>This update for 389-ds fixes the following issues:

- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).

Non-security fixes:

- Update to version 1.4.4.19~git46.c900a28c8:
  * CI - makes replication/acceptance_test.py::test_modify_entry more robust
  * UI - LDAP Editor is not updated when we switch instances
- Improvements to openldap import with password policy present (bsc#1199908)
- Update to version 1.4.4.19~git43.8ba2ea21f:
  * fix covscan
  * BUG - pid file handling
  * Memory leak in slapi_ldap_get_lderrno
  * Need a compatibility option about sub suffix handling
  * Release tarballs don't contain cockpit webapp
  * Replication broken after password change
  * Harden ReplicationManager.wait_for_replication
  * dscontainer: TypeError: unsupported operand type(s) for /: 'str' and 'int'
  * CLI - dsconf backend export breaks with multiple backends
  * CLI - improve task handling
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.25422

Places