[Date Prev][Date Next]
Re: Security alerts on OpenLDAP (CVE-2015-1545 / CVE-2015-1546)
Clément OUDOT wrote:
I saw today two CVE on OpenLDAP:
Don't know if they are reported in some ITS.
That's because you're reading 2nd or 3rd-hand reports. Read the actual CVEs and you'll see that relevant ITSs already linked.
Given that the deref overlay isn't even documented and is probably used by only a handful of OpenLDAP developers I don't believe it even merited a CVE record.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/