I've added the patch from RedHat in SVN, but they all are failing to build (unrelated to the patch) right now, failing in the testsuite.

http://pkgsubmit.mageia.org/uploads/failure/3/core/updates_testing/20140209234135.luigiwalser.valstar.1920/log/openldap-2.4.33-7.1.mga3/build.0.20140209235607.log
http://pkgsubmit.mageia.org/uploads/failure/4/core/updates_testing/20140209234112.luigiwalser.valstar.1789/log/openldap-2.4.38-1.1.mga4/build.0.20140209234200.log
http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20140209234051.luigiwalser.valstar.1628/log/openldap-2.4.38-2.mga5/build.0.20140209234107.log

Buchan, please have a look at this.

Hmm, maybe it's a parallel build issue.  I pushed them again and they built.

Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated openldap packages fix security vulnerability:

A denial of service flaw was found in the way the OpenLDAP server daemon
(slapd) performed reference counting when using the rwm (rewrite/remap)
overlay. A remote attacker able to query the OpenLDAP server could use this
flaw to crash the server by immediately unbinding from the server after
sending a search request (CVE-2013-4449).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4449
http://www.openldap.org/its/index.cgi/Incoming?id=7723
https://rhn.redhat.com/errata/RHSA-2014-0126.html
========================

Updated packages in core/updates_testing:
========================
openldap-2.4.33-7.1.mga3
openldap-servers-2.4.33-7.1.mga3
openldap-servers-devel-2.4.33-7.1.mga3
openldap-clients-2.4.33-7.1.mga3
libldap2.4_2-2.4.33-7.1.mga3
libldap2.4_2-devel-2.4.33-7.1.mga3
libldap2.4_2-static-devel-2.4.33-7.1.mga3
openldap-doc-2.4.33-7.1.mga3
openldap-tests-2.4.33-7.1.mga3
openldap-testprogs-2.4.33-7.1.mga3
openldap-2.4.38-1.1.mga4
openldap-servers-2.4.38-1.1.mga4
openldap-servers-devel-2.4.38-1.1.mga4
openldap-clients-2.4.38-1.1.mga4
libldap2.4_2-2.4.38-1.1.mga4
libldap2.4_2-devel-2.4.38-1.1.mga4
libldap2.4_2-static-devel-2.4.38-1.1.mga4
openldap-back_sql-2.4.38-1.1.mga4
openldap-back_bdb-2.4.38-1.1.mga4
openldap-back_mdb-2.4.38-1.1.mga4
openldap-doc-2.4.38-1.1.mga4
openldap-tests-2.4.38-1.1.mga4
openldap-testprogs-2.4.38-1.1.mga4

from SRPMS:
openldap-2.4.33-7.1.mga3.src.rpm
openldap-2.4.38-1.1.mga4.src.rpm

CC: (none) => bgmilne
Version: Cauldron => 4
Assignee: bgmilne => qa-bugs
Whiteboard: MGA4TOO, MGA3TOO => MGA3TOO

Testing procedure from https://bugs.mageia.org/show_bug.cgi?id=6527#c8

-------
This is easy to test by installing openldap-tests

Start the ldap service

# service ldap start             (for mga1)

or

# systemctl start ldap.service   (for mga2)

Then

# cd /usr/share/openldap/tests/
# ./run all > ldaptest
# grep -e ">>>>>" ldaptest
-------

CC: (none) => stormi

Testing mga3 32 & 64 now

testing currently on mga4/x86_64

tested yesterday 2014-02-11 on mga4/32bit

i dunno if it is a failure or not --->

>>>>> Starting test058-syncrepl-asymmetric for bdb...
>>>>>> Exiting with a false success status for now
>>>>> test058-syncrepl-asymmetric completed OK for bdb.

CC: (none) => gerdroscher

(In reply to Gerd Roscher from comment #7)
> tested yesterday 2014-02-11 on mga4/32bit
> 
> i dunno if it is a failure or not --->
> 
> >>>>> Starting test058-syncrepl-asymmetric for bdb...
> >>>>>> Exiting with a false success status for now
> >>>>> test058-syncrepl-asymmetric completed OK for bdb.

I think it's OK, the "false success status" must be intended.

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok

Advisory uploaded.

Update validated. Please push to 3 & 4 core/updates.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok mga4-32-ok advisory

Update pushed:
http://advisories.mageia.org/MGASA-2014-0062.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED