UbuntuUpdates.org

Package "python-ldap"

Name: python-ldap

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • LDAP interface module for Python 3.x - transition package

Latest version: 3.2.0-4ubuntu7.2
Release: jammy (22.04)
Level: updates
Repository: universe

Other versions of "python-ldap" in Jammy

Repository Area Version
base main 3.2.0-4ubuntu7
base universe 3.2.0-4ubuntu7
security main 3.2.0-4ubuntu7.2
security universe 3.2.0-4ubuntu7.2
updates main 3.2.0-4ubuntu7.2

Changelog

Version: 3.2.0-4ubuntu7.2 2025-10-20 22:11:43 UTC

  python-ldap (3.2.0-4ubuntu7.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Improper special character escape when supplying
    non-string data types.
    - debian/patches/CVE-2025-61911.patch: Raise exception when type is not str
      in Lib/ldap/filter.py.
    - CVE-2025-61911
  * SECURITY UPDATE: Denial of service through improperly escaped null byte.
    - debian/patches/CVE-2025-61912.patch: Change NULL byte escape from \\\000
      to \\00 in Lib/ldap/dn.py.
    - CVE-2025-61912

 -- Hlib Korzhynskyy <email address hidden> Wed, 15 Oct 2025 17:38:45 -0230

CVE-2025-61911 python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter
CVE-2025-61912 python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x

Version: 3.2.0-4ubuntu7.1 2022-07-11 18:07:17 UTC

  python-ldap (3.2.0-4ubuntu7.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Regular Expression DoS
    - debian/patches/CVE-2021-46823-pre.patch: get rid of
      expected failures in tokenizer tests in Lib/ldap/schema/tokenizer.py,
      Tests/t_ldap_schema_tokenizer.py.
    - debian/patches/CVE-2021-46823.patch: fix ReDoS in
      regex in Lib/ldap/schema/tokenizer.py.
    - CVE-2021-46823

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 04 Jul 2022 13:21:22 -0300

CVE-2021-46823 python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular express
