fix(python-ldap): CVE-2025-61911, CVE-2025-61912#2
Open
deepin-ci-robot wants to merge 2 commits intomasterfrom
Open
fix(python-ldap): CVE-2025-61911, CVE-2025-61912#2deepin-ci-robot wants to merge 2 commits intomasterfrom
deepin-ci-robot wants to merge 2 commits intomasterfrom
Conversation
Enforce str type for escape_filter_chars to prevent LDAP injection attacks via crafted list/dict objects. Upstream: python-ldap/python-ldap@3957526 Generated-By: glm-5.1 Co-Authored-By: hudeng <hudeng@deepin.org>
Correctly escape null bytes in escape_dn_chars according to RFC 4514 to prevent client-side denial of service. Upstream: python-ldap/python-ldap@6ea8032 Generated-By: glm-5.1 Co-Authored-By: hudeng <hudeng@deepin.org>
|
TAG Bot TAG: 3.4.4-1deepin2 |
|
/integrate |
|
AutoIntegrationPr Bot |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CVE 修复
本 PR 修复以下两个安全漏洞:
CVE-2025-61911
漏洞描述: python-ldap 的
ldap.filter.escape_filter_chars方法存在过滤绕过漏洞。当escape_mode=1时,攻击者可以通过构造的list或dict对象绕过字符过滤,可能导致 LDAP 注入攻击。修复方案: 在方法开头添加类型检查,确保
assertion_value参数必须为str类型。上游修复: python-ldap/python-ldap@3957526
CVE-2025-61912
漏洞描述: python-ldap 的
ldap.dn.escape_dn_chars()函数错误地转义 null 字节(\x00),导致客户端拒绝服务。修复方案: 按照 RFC 4514 规范,将 null 字节正确转义为
�。上游修复: python-ldap/python-ldap@6ea8032
修复策略: backport upstream patch
Generated-By: glm-5.1
Co-Authored-By: hudeng hudeng@deepin.org
Generated by CVE-Fixer Agent