1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
|
golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium
* Team upload.
* Require explicit intention for empty password.
This is normally used for unauthenticated bind, and
https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends:
"Clients SHOULD disallow an empty password input to a Name/Password
Authentication user interface"
This is (mostly) a cherry-pick of 95ede12 from upstream, except
the bit in ldap_test.go, which is unrelated to the security issue.
This fixes CVE-2017-14623. (Closes: #876404)
-- Dr. Tobias Quathamer <toddy@debian.org> Wed, 29 Nov 2017 23:45:26 +0100
golang-github-go-ldap-ldap (2.4.1-1) unstable; urgency=medium
* New upstream version.
* Bump Standards-Version to 3.9.8.
-- Alexandre Viau <aviau@debian.org> Tue, 16 Aug 2016 12:19:35 -0400
golang-github-go-ldap-ldap (2.3.0-1) unstable; urgency=medium
* New upstream version
* Added watch file
* Refreshed disable-internet-tests.patch
* Replaced Vcs-Git by secure (https) url
* Make use of XS-Go-Import-Path
* Changed my email to @debian.org
* Bumped Standards-Version to 3.9.7
* New /usr/share/gocode/src/gopkg.in/ldap.v2 symlink
-- Alexandre Viau <aviau@debian.org> Mon, 21 Mar 2016 23:52:07 -0400
golang-github-go-ldap-ldap (0.0~git20150817.24.12f2865-1) unstable; urgency=medium
* Initial release (Closes: #798022)
-- Alexandre Viau <alexandre@alexandreviau.net> Wed, 02 Sep 2015 21:13:23 -0400
|