golang-github-go-ldap-ldap (2.4.1-1+deb9u1) stretch; urgency=medium * Team upload. * Require explicit intention for empty password. This is normally used for unauthenticated bind, and https://tools.ietf.org/html/rfc4513#section-5.1.2 recommends: "Clients SHOULD disallow an empty password input to a Name/Password Authentication user interface" This is (mostly) a cherry-pick of 95ede12 from upstream, except the bit in ldap_test.go, which is unrelated to the security issue. This fixes CVE-2017-14623. (Closes: #876404) -- Dr. Tobias Quathamer Wed, 29 Nov 2017 23:45:26 +0100 golang-github-go-ldap-ldap (2.4.1-1) unstable; urgency=medium * New upstream version. * Bump Standards-Version to 3.9.8. -- Alexandre Viau Tue, 16 Aug 2016 12:19:35 -0400 golang-github-go-ldap-ldap (2.3.0-1) unstable; urgency=medium * New upstream version * Added watch file * Refreshed disable-internet-tests.patch * Replaced Vcs-Git by secure (https) url * Make use of XS-Go-Import-Path * Changed my email to @debian.org * Bumped Standards-Version to 3.9.7 * New /usr/share/gocode/src/gopkg.in/ldap.v2 symlink -- Alexandre Viau Mon, 21 Mar 2016 23:52:07 -0400 golang-github-go-ldap-ldap (0.0~git20150817.24.12f2865-1) unstable; urgency=medium * Initial release (Closes: #798022) -- Alexandre Viau Wed, 02 Sep 2015 21:13:23 -0400