debian/fusiondirectory.NEWS: Notify admins when upgrading their FusionDirectory about sensitive data storage in LDAP.
Mike Gabriel
3 years ago
0 | fusiondirectory (1.3-4) unstable; urgency=medium | |
1 | ||
2 | Please make sure to check your LDAP server's ACL restrictions when | |
3 | storing data in it via FusionDirectory. | |
4 | ||
5 | FusionDirectory stores parts of its own configuration in LDAP. With a | |
6 | Debian-default OpenLDAP setup (package: slapd), this might lead to | |
7 | leakage of sensitive data (e.g. cleartext service passwords for the | |
8 | Dovecot FD plugin and the Cyrus FD plugin). | |
9 | ||
10 | For further details, see: | |
11 | ||
12 | - /usr/share/doc/fusiondirectory/README.Debian | |
13 | - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966061 | |
14 | - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975968 | |
15 | - https://github.com/fusiondirectory/fusiondirectory-plugins/issues/25 | |
16 | ||
17 | -- Mike Gabriel <sunweaver@debian.org> Mon, 07 Dec 2020 12:34:39 +0100 |
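Review bot: The entry names the risk in its second paragraph (lines 5-8) but gives no concrete action beyond "check your LDAP server's ACL restrictions" in lines 2-3, so an admin who reads only the upgrade notice cannot tell what to look for. Consider adding one sentence saying that read access to the LDAP entries holding FusionDirectory's configuration should be restricted, and one advising that service passwords for the Dovecot and Cyrus plugins stored under the old ACLs be treated as exposed and changed. It would also help to say who can read the data under the Debian-default slapd setup, since "might lead to leakage" leaves the exposure open. The pointer to README.Debian can stay for the details.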