This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5
--------------- openldap (2.4.28-1.1ubuntu4.5) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via an LDAP search query with attrsOnly set to true. (LP: #1446809) - debian/patches/CVE-2012-1164.1.patch: don't leave empty slots in normalized attr values - debian/patches/CVE-2012-1164.2.patch: add FIXME comment, note that current patch is not ideal - debian/patches/CVE-2012-1164.3.patch: fix attr_dup2 when no values are present (attrsOnly = TRUE) - CVE-2012-1164 * SECURITY UPDATE: fix rwm overlay reference counting - debian/patches/CVE-2013-4449.patch: fix reference counting - CVE-2013-4449 * SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl() - debian/patches/CVE-2015-1545.patch: require non-empty AttributeList - CVE-2015-1545
-- Felipe Reyes <email address hidden> Tue, 19 May 2015 11:53:17 -0300
This bug was fixed in the package openldap - 2.4.28-1.1ubuntu4.5
--------------- 1.1ubuntu4. 5) precise-security; urgency=medium
openldap (2.4.28-
* SECURITY UPDATE: denial of service via an LDAP search query patches/ CVE-2012- 1164.1. patch: don't leave empty slots in patches/ CVE-2012- 1164.2. patch: add FIXME comment, note that patches/ CVE-2012- 1164.3. patch: fix attr_dup2 when no values are patches/ CVE-2013- 4449.patch: fix reference counting patches/ CVE-2015- 1545.patch: require non-empty AttributeList
with attrsOnly set to true. (LP: #1446809)
- debian/
normalized attr values
- debian/
current patch is not ideal
- debian/
present (attrsOnly = TRUE)
- CVE-2012-1164
* SECURITY UPDATE: fix rwm overlay reference counting
- debian/
- CVE-2013-4449
* SECURITY UPDATE: fix NULL pointer dereference in deref_parseCtrl()
- debian/
- CVE-2015-1545
-- Felipe Reyes <email address hidden> Tue, 19 May 2015 11:53:17 -0300