Comment 8 for bug 1602813

Here a little triaging summary:
The project itself seems rather abandoned, at least not with a high update frequency.
I checked the patch a bit in Detail and found two related upstream commits:

of 2012 to fix the first
https://github.com/threerings/openvpn-auth-ldap/commit/2d1568c384eee51e907d93eec7f4dc263de602d2

and of 2015 to fix the second occurance of the issue
https://github.com/threerings/openvpn-auth-ldap/pull/53/commits/182544cd7cfadf8e6918ce56d75a5c7735f126c2

The second is only a pull request and not yet merged into https://github.com/threerings/openvpn-auth-ldap/blame/master/src/TRLDAPConnection.m

That way following the usual procedure we can't start on an Xenial SRU right away but have to bring it into the Development release first. See #1 in https://wiki.ubuntu.com/StableReleaseUpdates#Procedure

IMHO, since this package has no Ubuntu delta so far and seems rather un-maintained (or at least un-updated) it might be worth pushing this fix to Debian first. Then sync into Yakkety, and then go for an SRU.
On the good side, the patch is small and reasonable. I'd leave it to Robie Basak who already was on the mail thread starting this to decide how to proceed.