Package "openldap"

  openldap (2.4.49+dfsg-2ubuntu1.4) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via NULL pointer dereference
    - debian/patches/CVE-2020-25692.patch: skip normalization if there's no
      equality rule in servers/slapd/modrdn.c.
    - CVE-2020-25692

 -- Marc Deslauriers <email address hidden> Wed, 04 Nov 2020 09:43:57 -0500

  openldap (2.4.49+dfsg-2ubuntu1.2) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service via nested search filters
    - debian/patches/CVE-2020-12243.patch: limit depth of nested filters in
      servers/slapd/filter.c.
    - debian/patches/fix_test_timing.patch: fix FTBFS on riscv64 because of
      test timing issue.
    - CVE-2020-12243

 -- Marc Deslauriers <email address hidden> Fri, 01 May 2020 13:09:12 -0400