Package: golang-github-go-ldap-ldap / 2.4.1-1+deb9u1
Patch seriesview the series file
|disable internet tests.patch | (download)||
2 2 + 0 - 0 !
disable functional tests by default We are disabling this set of tests because they require internet connection. Users that still want to run them, maybe because they are working on this library, may still do so using the functional-ldap-tests build tag.
|0002 Require explicit intention for empty password.patch | (download)||
require explicit intention for empty password. This is normally used for unauthenticated bind, and https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends: > Clients SHOULD disallow an empty password input to a Name/Password > Authentication user interface This is (mostly) a cherry-pick of 95ede12 from upstream. I've removed the bit in ldap_test.go, which is unrelated to the security issue. This fixes CVE-2017-14623. https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66