From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: [PATCH 0/1] Update OpenLDAP, fixing CVE-2015-6908 Date: Thu, 21 Apr 2016 14:57:48 -0400 Message-ID: Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:44630) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1atJna-0004DK-7T for guix-devel@gnu.org; Thu, 21 Apr 2016 14:57:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1atJnV-0001xI-4H for guix-devel@gnu.org; Thu, 21 Apr 2016 14:57:58 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:35776) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1atJnU-0001xC-TH for guix-devel@gnu.org; Thu, 21 Apr 2016 14:57:53 -0400 Received: from localhost.localdomain (255.sub-70-192-144.myvzw.com [70.192.144.255]) by mail.messagingengine.com (Postfix) with ESMTPA id 078D8C0001D for ; Thu, 21 Apr 2016 14:57:51 -0400 (EDT) List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org There is a remote denial of service bug in OpenLDAP in version 2.4.42 and earlier [0]. This patch updates OpenLDAP to the latest version. This change will require several hundred packages to be rebuilt. Should it go on security-updates? Your advice requested... [0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-6908 Leo Famulari (1): gnu: openldap: Update to 2.4.44 [fixes CVE-2015-6908]. gnu/packages/openldap.scm | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.7.4