Michael Ströder wrote:
This ITS was answered with won't fix / send patches:
But in the mean-time somebody assigned a CVE number to it:
The SUSE folks added a patch:
Could anybody review this and comment whether it makes sense at all?
If the patch is correct would it make sense to release it with 2.4.47?
If the patch is correct, the original patch author must submit it to the ITS.
The CVE makes no sense, since as already noted in the ITS, the bug is caused
by the nops overlay which is in contrib, and not officially part of OpenLDAP Software.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/