Auth_ldap 1.6.0 was reported having remote format string vulnerabilities. See CVE-2006-0150 (http://www.securityfocus.com/bid/16177). An upgrade to version 1.6.1 is required. Version 1.6.1 needes a patch in order to function properly (verified on our FreeBSD boxes). See: http://www.rudedog.org/pipermail/auth_ldap/2006-January/001710.html Fix: A port for version 1.6.1 including the patch was prepared. It is available at: http://noc.ntua.gr/~christia/auth_ldap-1.6.1-port.tar.gz
State Changed From-To: open->closed Committed, thanks !