-
openldap (2.4.31-1+nmu2ubuntu12.3) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted BER data
- debian/patches/CVE-2015-6908.patch: remove obsolete assert in
libraries/liblber/io.c.
- CVE-2015-6908
* SECURITY UPDATE: user impersonation via incorrect default permissions
- debian/slapd.init.ldif: disallow modifying one's own entry by
default.
- CVE-2014-9713
-- Marc Deslauriers <email address hidden> Mon, 14 Sep 2015 10:28:32 -0400
-
openldap (2.4.31-1+nmu2ubuntu12.2) vivid; urgency=medium
* debian/apparmor-profile: Change 'r' to 'rw' for ldapi and nslcd sockets,
required for apparmor kernel ABI v7 (utopic and later). (LP: #1392018)
-- Ryan Tandy <email address hidden> Thu, 25 Jun 2015 09:40:29 -0700
-
openldap (2.4.31-1+nmu2ubuntu12.1) vivid-security; urgency=medium
* SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
- debian/patches/CVE-2013-4449.patch: fix reference counting
- CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
- debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
- CVE-2015-1545
-- Felipe Reyes <email address hidden> Tue, 19 May 2015 12:58:25 -0300
-
openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
* Fix cpp calls for GCC 5.
-- Matthias Klose <email address hidden> Fri, 06 Mar 2015 13:23:29 +0100
-
openldap (2.4.31-1+nmu2ubuntu11) utopic; urgency=medium
* debian/apparmor-profile:
- allow p11-kit abstraction
- allow read of /etc/gss/mech.d/*
-- Jamie Strandboge <email address hidden> Tue, 02 Sep 2014 15:29:05 -0500