Copied from
ubuntu precise in
Private PPA for Ubuntu Security Team
by Marc Deslauriers
Changelog
openldap (2.4.28-1.1ubuntu4.6) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via crafted BER data
- debian/patches/CVE-2015-6908.patch: remove obsolete assert in
libraries/liblber/io.c.
- CVE-2015-6908
* SECURITY UPDATE: user impersonation via incorrect default permissions
- debian/slapd.init.ldif: disallow modifying one's own entry by
default.
- CVE-2014-9713
-- Marc Deslauriers <email address hidden> Mon, 14 Sep 2015 10:37:35 -0400