diff -u openldap-2.4.31/debian/changelog openldap-2.4.31/debian/changelog
--- openldap-2.4.31/debian/changelog
+++ openldap-2.4.31/debian/changelog
@@ -1,3 +1,14 @@
+openldap (2.4.31-1+nmu2ubuntu12.1) vivid; urgency=medium
+
+  * SECURITY UPDATE: fix rwm overlay reference counting. (LP: #1446809)
+    - debian/patches/CVE-2013-4449.patch: fix reference counting
+    - CVE-2013-4449
+  * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
+    - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList
+    - CVE-2015-1545
+
+ -- Felipe Reyes <felipe.reyes@canonical.com>  Tue, 19 May 2015 12:58:25 -0300
+
 openldap (2.4.31-1+nmu2ubuntu12) vivid; urgency=medium
 
   * Fix cpp calls for GCC 5.
diff -u openldap-2.4.31/debian/patches/series openldap-2.4.31/debian/patches/series
--- openldap-2.4.31/debian/patches/series
+++ openldap-2.4.31/debian/patches/series
@@ -27,0 +28,2 @@
+CVE-2013-4449.patch
+CVE-2015-1545.patch
only in patch2:
unchanged:
--- openldap-2.4.31.orig/debian/patches/CVE-2013-4449.patch
+++ openldap-2.4.31/debian/patches/CVE-2013-4449.patch
@@ -0,0 +1,32 @@
+From 924389d9dd9dbb6ffe5db6c0fc65ecfe6814a1af Mon Sep 17 00:00:00 2001
+From: Jan Synacek <jsynacek@redhat.com>
+Date: Wed, 13 Nov 2013 09:06:54 +0100
+Subject: [PATCH] ITS#7723 fix reference counting
+
+---
+ libraries/librewrite/session.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libraries/librewrite/session.c b/libraries/librewrite/session.c
+index fcc7698..02fc054 100644
+--- a/libraries/librewrite/session.c
++++ b/libraries/librewrite/session.c
+@@ -161,6 +161,7 @@ rewrite_session_find(
+ #ifdef USE_REWRITE_LDAP_PVT_THREADS
+ 	if ( session ) {
+ 		ldap_pvt_thread_mutex_lock( &session->ls_mutex );
++		session->ls_count++;
+ 	}
+ 	ldap_pvt_thread_rdwr_runlock( &info->li_cookies_mutex );
+ #endif /* USE_REWRITE_LDAP_PVT_THREADS */
+@@ -178,6 +179,7 @@ rewrite_session_return(
+ )
+ {
+ 	assert( session != NULL );
++	session->ls_count--;
+ 	ldap_pvt_thread_mutex_unlock( &session->ls_mutex );
+ }
+ 
+-- 
+2.1.4
+
only in patch2:
unchanged:
--- openldap-2.4.31.orig/debian/patches/CVE-2015-1545.patch
+++ openldap-2.4.31/debian/patches/CVE-2015-1545.patch
@@ -0,0 +1,21 @@
+From 7a5a98577a0481d864ca7fe05b9b32274d4d1fb5 Mon Sep 17 00:00:00 2001
+From: Howard Chu <hyc@openldap.org>
+Date: Mon, 19 Jan 2015 22:25:53 +0000
+Subject: [PATCH] ITS#8027 require non-empty AttributeList
+
+---
+ servers/slapd/overlays/deref.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/servers/slapd/overlays/deref.c
++++ b/servers/slapd/overlays/deref.c
+@@ -182,7 +182,8 @@
+ 		ber_len_t cnt = sizeof(struct berval);
+ 		ber_len_t off = 0;
+ 
+-		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR )
++		if ( ber_scanf( ber, "{m{M}}", &derefAttr, &attributes, &cnt, off ) == LBER_ERROR
++			|| !cnt )
+ 		{
+ 			rs->sr_text = "Dereference control: derefSpec decoding error";
+ 			rs->sr_err = LDAP_PROTOCOL_ERROR;