Well, considering that Ubuntu openldap maintainers consider e.g. CVE-2013-4449 (denial-of-service, 2.4.31 to 2.4.36 are vulnerable) not important enough to patch or update to a later openldap version, I expect there to be zero chance of this bug to be patched either. It seems that if it does not hurt the maintainers' systems, it's not worth fixing.
The current Ubuntu version I am using right now, 14.04 LTS, is certainly the last Ubuntu version I will be using. I am still evaluating the alternatives, but definitely all Debian jessie derivatives are straight out. I won't be monitoring this bug anymore, either. ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-4449 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to openldap in Ubuntu. https://bugs.launchpad.net/bugs/1103353 Title: Invalid GnuTLS cipher suite strings causes libldap to crash To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/1103353/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs