This bug was fixed in the package openldap - 2.4.10-3ubuntu1

---------------
openldap (2.4.10-3ubuntu1) intrepid; urgency=low

  [ Mathias Gug ]
  * Merge from debian unstable, remaining changes:
    - debian/apparmor-profile: add AppArmor profile
    - debian/slapd.postinst: Reload AA profile on configuration
    - updated debian/slapd.README.Debian for note on AppArmor
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6
    - debian/control: Conflicts with apparmor-profiles << 2.1+1075-0ubuntu4
      to make sure that if earlier version of apparmour-profiles gets
      installed it won't overwrite our profile.
    - Modify Maintainer value to match the DebianMaintainerField
      speficication.
    - follow ApparmorProfileMigration and force apparmor compalin mode on
      some upgrades (LP: #203529)
    - debian/slapd.dirs: add etc/apparmor.d/force-complain
    - debian/slapd.preinst: create symlink for force-complain on pre-feisty
      upgrades, upgrades where apparmor-profiles profile is unchanged (ie
      non-enforcing) and upgrades where apparmor profile does not exist.
    - debian/slapd.postrm: remove symlink in force-complain/ on purge
    - debian/patches/fix-ucred-libc due to changes how newer glibc handle
      the ucred struct now.
    - debian/patches/fix-unique-overlay-assertion.patch:
      Fix another assertion error in unique overlay (LP: #243337).
      Backport from head.
  * Dropped - implemented in Debian:
    - debian/patches/fix-gnutls-key-strength.patch:
      Fix slapd handling of ssf using gnutls. (LP: #244925).
    - debian/control:
      Add time as build dependency: needed by make test.
  * debian/control:
    - Build-depend on libltdl7-dev rather then libltdl3-dev.
  * debian/patches/autogen.sh:
    - Call libtoolize with the --install option to install config.{guess,sub}
    files.

  [ Jamie Strandboge ]
  * adjust apparmor profile to allow gssapi (LP: #229252)
  * adjust apparmor profile to allow cnconfig (LP: #243525)

openldap (2.4.10-3) unstable; urgency=low

  [ Steve Langasek ]
  * New patch, CVE-2008-2952_BER-decoding-assertion, to fix a remote DoS
    vulnerability in the BER decoder.  Addresses CVE-2008-2952,
    closes: #488710.
  * debian/slapd.scripts-common, debian/slapd.postinst: drop
    update_path_argsfile_pidfile function, not needed for updates from etch
    or newer.
  * Drop the code to check for and upgrade ldbm databases.  The etch
    release of slapd had already dropped support for them and direct
    upgrades from sarge are not supported.

  [ Russ Allbery ]
  * Apply upstream patch to convert GnuTLS cipher strength from bytes to
    bits, as expected by OpenLDAP.  (Closes: #473796)
  * Add Build-Depends on time, used by the test suite and only a shell
    built-in with bash.  Thanks, Daniel Schepler.  (Closes: #490754)
  * Refresh all patches, convert all patches to -p1, and remove extraneous
    Index: lines.  (Closes: #485263)
  * Unless DFSG_NONFREE is set, also check whether the upstream schemas
    with RFC comments are included.
  * Update standards version to 3.8.0.
    - Include debian/README.source pointing to the quilt README.source.
    - Wrap Uploaders for readability.
  * Wrap slapd's Depends for readability.

  [ Updated debconf translations ]
  * Swedish, thanks to Martin Ågren <email address hidden>.
    Closes: #492748.

 -- Mathias Gug <email address hidden>   Wed, 30 Jul 2008 19:46:02 -0400