Codebase list fusiondirectory / 226c42c
debian/fusiondirectory.NEWS: Notify admins when upgrading their FusionDirectory about sensitive data storage in LDAP. Mike Gabriel 3 years ago
1 changed file(s) with 18 addition(s) and 0 deletion(s). Raw diff Collapse all Expand all
+18
-0
debian/fusiondirectory.NEWS less more
0 fusiondirectory (1.3-4) unstable; urgency=medium
1
2 Please make sure to check your LDAP server's ACL restrictions when
3 storing data in it via FusionDirectory.
4
5 FusionDirectory stores parts of its own configuration in LDAP. With a
6 Debian-default OpenLDAP setup (package: slapd), this might lead to
7 leakage of sensitive data (e.g. cleartext service passwords for the
8 Dovecot FD plugin and the Cyrus FD plugin).
9
10 For further details, see:
11
12 - /usr/share/doc/fusiondirectory/README.Debian
13 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966061
14 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975968
15 - https://github.com/fusiondirectory/fusiondirectory-plugins/issues/25
16
17 -- Mike Gabriel <sunweaver@debian.org> Mon, 07 Dec 2020 12:34:39 +0100