Source-Changes archive


CVS commit: [netbsd-7] src/external/bsd/openldap/dist/servers/slapd



Module Name:    src
Committed By:   snj
Date:           Tue Apr 14 05:00:15 UTC 2015

Modified Files:
        src/external/bsd/openldap/dist/servers/slapd [netbsd-7]: filter.c
        src/external/bsd/openldap/dist/servers/slapd/overlays [netbsd-7]:
            deref.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #680):
        external/bsd/openldap/dist/servers/slapd/filter.c: revision 1.2
        external/bsd/openldap/dist/servers/slapd/overlays/deref.c: revision 1.2
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]
--
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
Certain search queries including the Matched Values control can trigger
a double free in slapd 2.4.40 when freeing operation controls. This is a
regression in 2.4.40, no earlier releases are affected. [CVE-1546]


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
    src/external/bsd/openldap/dist/servers/slapd/filter.c
cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \
    src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.



