Rob Holland

Name of the Vulnerable Software and Affected Versions: OpenLDAP (affected versions not specified) Description: The issue concerns pam ldap and nss ldap when used with OpenLDAP. When connecting to a slave using TLS and being referred to a master, the subsequent connection may not use TLS. This could result in a password being sent in cleartext, allowing remote attackers to intercept the password. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** rxvt-unicode versions prior to 5.3 **Description** The issue is related to a buffer overflow in the command.C file, which allows remote attackers to execute arbitrary code. This can be achieved by using a crafted file that contains long escape sequences. **Recommendations** For versions prior to 5.3, update to version 5.3 or later to resolve the issue.