Hi,

the following vulnerability was published for 389-ds-base. I'm filling
to be able to track it in the BTS (I'm not familiar enough with
389-ds-base, but looks that it's planned to fix that in 1.3.6).

CVE-2016-5416[0]:
ACI readable by anonymous user

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-5416
[1] https://fedorahosted.org/389/ticket/48852

Regards,
Salvatore

What's the status? It's been four months without a followup to this security
bug...

Cheers,
        Moritz

Still unfixed upstream.

Dear submitter,

as the package 389-ds-base has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/915510

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

...

Package was removed in error.

Bug reopened.

Scott K

The old fedorahosted ticked now point to
<URL: https://github.com/389ds/389-ds-base/issues/1912 > as the new
upstream issue, and this issue is marked as closed.  No idea which
version closes the issue.

Petter Reinholdtsen kirjoitti 17.3.2022 klo 12.30:

It was closed as "wontfix".