Fedora has issued an advisory on March 3: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y2XAPBAAYVGYPC2QTEVMUSVI5KVZJ7LF/ The issue is fixed upstream in 1.4.3.19. Mageia 7 and Mageia 8 are also affected.
Whiteboard: (none) => MGA8TOO, MGA7TOO
Advisory from March 4 for the 1.4.3.x branch: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RU64BCG5CEKHZYZZJPCMZLCNOZ6UG65S/
Hi, thanks for reporting this. As there is no maintainer for this package I added Nicolas S. committers in CC. (Please set the status to 'assigned' if you are working on it)
CC: (none) => nicolas.salguero, ouaurelienAssignee: bugsquad => pkg-bugsCVE: (none) => CVE-2020-35518
mga7 and 8 and current cauldron are not affected, the code faulty code have been added later ( see https://github.com/389ds/389-ds-base/issues/2535 )
Whiteboard: MGA8TOO, MGA7TOO => (none)CC: (none) => mageia
RedHat has issued an advisory for this in April 6: https://access.redhat.com/errata/RHSA-2021:1086
openSUSE has issued an advisory for this on March 16: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IJZAIJRIBNKFP5CET6TYMJ3FGMU6WYAM/
RedHat has issued an advisory for this on June 8: https://access.redhat.com/errata/RHSA-2021:2323
Depends on: (none) => 30001
(In reply to Nicolas Lécureuil from comment #3) > mga7 and 8 and current cauldron are not affected, the code faulty code have > been added later ( see https://github.com/389ds/389-ds-base/issues/2535 ) Oh thanks, closing this.
Status: NEW => RESOLVEDResolution: (none) => INVALID