slapd reports wrong ssf using gnutls
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openldap2.3 (Debian) |
Fix Released
|
Unknown
|
|||
openldap2.3 (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Hardy |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: slapd
More information in this thread : http://
The ssf matching is broken on gnutls with openldap 2.4 (http://
I am half tempted to check security on this as it breaks a large piece of the encryption enforcement, but since it breaks it in an obvious way and provides the user no false sense of security I will forgo it.
CVE References
Changed in openldap2.3: | |
status: | Unknown → Confirmed |
Changed in openldap2.3: | |
status: | Confirmed → Fix Released |
Changed in openldap2.3: | |
status: | Fix Released → Confirmed |
Changed in openldap2.3: | |
status: | Confirmed → Fix Released |
The BSD licence is compatible with the GPL by any serious interpretation that I've ever heard (including the FSF's), provided that the advertising clause is not present. Most modern BSD code does not include the advertising clause and can legitimately be linked with GPL code.
If you know of instances where we are distributing GPL code linked with other code under an incompatible licence, please tell us. I don't believe that we are any less strict about this than Debian, and it would be rather foolish for us to be so since we're a bigger target for lawsuits.