openldap CVE-2015-3276 the patch comes from: https://bugzilla.redhat.com/show_bug.cgi?id=1238322 https://bugzilla.redhat.com/attachment.cgi?id=1055640 The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be used and allow remote attackers to have unspecified impact via unknown vectors. Upstream-Status: Pending CVE: CVE-2015-3276 Signed-off-by: Li Wang --- libraries/libldap/tls_m.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/libraries/libldap/tls_m.c b/libraries/libldap/tls_m.c index 9b101f9..e6f3051 100644 --- a/libraries/libldap/tls_m.c +++ b/libraries/libldap/tls_m.c @@ -621,18 +621,23 @@ nss_parse_ciphers(const char *cipherstr, int cipher_list[ciphernum]) */ if (mask || strength || protocol) { for (i=0; i