ubuntu-389-directory-server team mailing list archive

Thread
Date

[Bug 1284841] Re: Sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable (main)

To: ubuntu-389-directory-server@xxxxxxxxxxxxxxxxxxx
From: Jackson Doak <Doak.jackson@xxxxxxxxx>
Date: Wed, 26 Feb 2014 06:03:30 -0000
Reply-to: Bug 1284841 <1284841@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fake sync please? as with the old version

-- 
You received this bug notification because you are a member of Ubuntu
389 Directory Server, which is subscribed to libapache2-mod-nss in
Ubuntu.
https://bugs.launchpad.net/bugs/1284841

Title:
  Sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable (main)

Status in “libapache2-mod-nss” package in Ubuntu:
  Invalid

Bug description:
  Please sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable
  (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * Merge from unreleased debian git.
      - CVE fixes
    * Fake sync due to mismatching orig tarball.
  Fixed in debian, debian also has 2 CVE fixes

  Changelog entries since current trusty version 1.0.8-3ubuntu1:

  libapache2-mod-nss (1.0.8-4) unstable; urgency=medium

    * mod_nss-clientauth.patch:
      - Fix CVE-2011-4973: FakeBasicAuth authentication bypass.
        (Closes: #729626)
    * mod_nss-nssverifyclient.patch:
      - Fix CVE-2013-4566: incorrect handling of NSSVerifyClient in
        directory context. (Closes: #731627)
    * control: Bump policy to 3.9.5, no changes.

   -- Timo Aaltonen <tjaalton@xxxxxxxxxx>  Mon, 03 Feb 2014 11:23:58
  +0200

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libapache2-mod-nss/+bug/1284841/+subscriptions

References

[Bug 1284841] [NEW] Sync libapache2-mod-nss 1.0.8-4 (universe) from Debian unstable (main)
From: Jackson Doak, 2014-02-25