Source-Changes archive
CVS commit: [netbsd-7] src/external/bsd/openldap/dist/servers/slapd
Module Name: src
Committed By: snj
Date: Tue Apr 14 05:00:15 UTC 2015
Modified Files:
	src/external/bsd/openldap/dist/servers/slapd [netbsd-7]: filter.c
	src/external/bsd/openldap/dist/servers/slapd/overlays [netbsd-7]:
	    deref.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #680):
	external/bsd/openldap/dist/servers/slapd/filter.c: revision 1.2
	external/bsd/openldap/dist/servers/slapd/overlays/deref.c: revision 1.2
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=c32e74763f77675b9e144126e375977ed6dc562c
The deref overlay in slapd 2.4.13 through 2.4.40 dereferences a NULL
pointer when a search request includes the Deref control with an empty
list of attributes to return (missing input validation). [CVE-2015-1545]
--
Apply: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
Certain search queries including the Matched Values control can trigger
a double free in slapd 2.4.40 when freeing operation controls. This is a
regression in 2.4.40, no earlier releases are affected. [CVE-1546]
To generate a diff of this commit:
	cvs rdiff -u -r1.1.1.4 -r1.1.1.4.2.1 \
	    src/external/bsd/openldap/dist/servers/slapd/filter.c
	cvs rdiff -u -r1.1.1.3 -r1.1.1.3.2.1 \
	    src/external/bsd/openldap/dist/servers/slapd/overlays/deref.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.