diff -u openldap2.3-2.4.7/debian/changelog openldap2.3-2.4.7/debian/changelog
--- openldap2.3-2.4.7/debian/changelog
+++ openldap2.3-2.4.7/debian/changelog
@@ -1,3 +1,18 @@
+openldap2.3 (2.4.7-5ubuntu2) hardy; urgency=low
+
+  * SECURITY UPDATE:
+    + debian/patches/SECURITY_CVE-2008-0658.patch (LP: #197077)
+      slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP 2.3.39
+      allows remote authenticated users to cause a denial of service (daemon crash)
+      via a modrdn operation with a NOOP (LDAP_X_NO_OPERATION) control, a related
+      issue to CVE-2007-6698.
+
+  * References
+    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0658
+    - http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358
+
+ -- Emanuele Gentili  Sun, 02 Mar 2008 16:34:30 +0100
+
 openldap2.3 (2.4.7-5ubuntu1) hardy; urgency=low
 
   * add AppArmor profile
diff -u openldap2.3-2.4.7/debian/patches/series openldap2.3-2.4.7/debian/patches/series
--- openldap2.3-2.4.7/debian/patches/series
+++ openldap2.3-2.4.7/debian/patches/series
@@ -14,0 +15 @@
+SECURITY_CVE-2008-0658.patch
only in patch2:
unchanged:
--- openldap2.3-2.4.7.orig/debian/patches/SECURITY_CVE-2008-0658.patch
+++ openldap2.3-2.4.7/debian/patches/SECURITY_CVE-2008-0658.patch
@@ -0,0 +1,13 @@
+Index: openldap-2.4.7/servers/slapd/back-bdb/modrdn.c
+===================================================================
+--- openldap-2.4.7.orig/servers/slapd/back-bdb/modrdn.c	2008-03-02 16:30:41.000000000 +0100
++++ openldap-2.4.7/servers/slapd/back-bdb/modrdn.c	2008-03-02 16:31:50.000000000 +0100
+@@ -737,6 +737,8 @@
+ 	} else {
+ 		rs->sr_err = LDAP_X_NO_OPERATION;
+ 		ltid = NULL;
++		/* Only free attrs if they were dup'd. */
++		if ( dummy.e_attrs == e->e_attrs ) dummy.e_attrs = NULL;
+ 		goto return_results;
+ 	}
+ 
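Review bot: The new patch file carries no header stating what it fixes or where it comes from, so the CVE, Launchpad bug and upstream ITS references live only in the changelog and are lost once the patch is copied elsewhere. A short header at the top of the patch would keep that provenance with the code, e.g. `Description: CVE-2008-0658: do not free e_attrs shared with the cached entry on a NOOP modrdn` and `Origin: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=5358`. The added guard assumes that dummy.e_attrs still aliasing e->e_attrs means nothing was duplicated and that the return_results path frees dummy.e_attrs only when it is non-NULL; neither the cleanup label nor the code that may replace dummy.e_attrs is visible here, so those assumptions should be checked against the rest of the function. The enclosing function begins and ends outside the hunk.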