Comment 5 for bug 1662164

Tyler Hicks (tyhicks) wrote :

Hi Dan - Thanks so much for attaching the debdiff!

I've reviewed the debdiff and have some feedback:

1) Both Ubuntu 16.04 LTS and Ubuntu 16.10 are affected. If possible, a debdiff
   for each release would be appreciated.

2) The version used in the debdiff is incorrect. It should follow the
   guidelines described in section #2 here:

   https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging

   Ubuntu 16.04 LTS should use 2.0.6-1ubuntu1.16.04.1 and Ubuntu 16.10 should
   use 2.0.6-1ubuntu1.16.10.1

3) The distribution field in the changelog should be "xenial-security" instead
   of "xenial". The Ubuntu 16.10 debdiff would use "yakkety-security". This is
   described in section #3 in the same link as above.

4) The changelog contents should be more descriptive. It should follow the
   guidelines described in section #3 in the same link as above. Something like
   this would work:

  * SECURITY UPDATE: Incorrect permissions on the
    /etc/ldapscripts/ldapscripts.passwd file allow local attackers to read the
    contents (LP: #1662164)
    - debian/rules: Fix typo that prevented dh_fixperms from applying the
      correct ldapscripts.passwd permissions

5) You didn't mention what level of testing you performed. Were you able to
   verify that the file permissions were correct after installing the new
   package?

Please attach new debdiffs and mention the testing that you were able to
perform. Thanks again and don't hesitate to ask any questions!
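One way to do the verification asked for in point 5, as an added example that is not part of the bug report or the ldapscripts package: after installing the rebuilt package, confirm that the credentials file grants no access to "other" users, which is the class of local attacker the changelog entry describes. It assumes GNU coreutils `stat -c '%a'` and that the intended fix denies all access to "other"; whether group access is appropriate is the package's decision and is not checked here.

```shell
#!/bin/sh
# Added example (not from the bug report): check that a file is not accessible
# to "other" local users, the condition the ldapscripts fix should establish.

# not_world_accessible PATH
#   returns 0 if PATH is a regular file whose "other" permission digit is 0,
#   1 if any "other" bit (r, w or x) is set, 2 if the file does not exist.
not_world_accessible() {
    path="$1"
    [ -f "$path" ] || return 2
    mode=$(stat -c '%a' "$path")      # e.g. "600", "644" or "4755" (GNU stat)
    case "$mode" in
        *0) return 0 ;;               # last octal digit = "other" bits
        *)  return 1 ;;
    esac
}

# Demonstration on constructed files rather than the real /etc path.
# Prints one line per file; exits non-zero if the "bad" file is still exposed.
demo() {
    dir=$(mktemp -d)
    printf 'secret\n' > "$dir/bad.passwd";  chmod 0644 "$dir/bad.passwd"   # pre-fix state
    printf 'secret\n' > "$dir/good.passwd"; chmod 0600 "$dir/good.passwd"  # expected post-fix state
    status=0
    for f in "$dir/bad.passwd" "$dir/good.passwd"; do
        if not_world_accessible "$f"; then
            echo "OK   $(stat -c '%a' "$f") $f"
        else
            echo "FAIL $(stat -c '%a' "$f") $f (readable by other users)"
            status=1
        fi
    done
    rm -rf "$dir"
    return $status
}

# On a real system the same check would be:
#   not_world_accessible /etc/ldapscripts/ldapscripts.passwd
[ "${1:-}" = "demo" ] && demo
```

Run with `sh check.sh demo` to see the constructed pre-fix and post-fix files classified; the demo deliberately exits non-zero because the 0644 file is still exposed.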