diff -u openldap-2.4.31/debian/changelog openldap-2.4.31/debian/changelog
--- openldap-2.4.31/debian/changelog
+++ openldap-2.4.31/debian/changelog
@@ -1,3 +1,20 @@
+openldap (2.4.31-1+nmu2ubuntu8.4) trusty-security; urgency=medium
+
+ * SECURITY UPDATE: denial of service via search with page size of 0
+ - debian/patches/CVE-2017-9287.patch: fix double-free in
+ servers/slapd/back-mdb/search.c.
+ - CVE-2017-9287
+
+ -- Marc Deslauriers Tue, 30 May 2017 15:24:10 -0400
+
+openldap (2.4.31-1+nmu2ubuntu8.3) trusty; urgency=medium
+
+ * Fix segfault issue in slap_bv2ad (LP: #1593378)
+ - d/p/its-7941-fix-for-repeated-tags.patch: Cherry picked
+ patch from upstream VCS.
+
+ -- Eric Desrochers Fri, 24 Jun 2016 11:05:23 +0200
+
 openldap (2.4.31-1+nmu2ubuntu8.2) trusty-security; urgency=medium
 * SECURITY UPDATE: denial of service via crafted BER data
diff -u openldap-2.4.31/debian/patches/series openldap-2.4.31/debian/patches/series
--- openldap-2.4.31/debian/patches/series
+++ openldap-2.4.31/debian/patches/series
@@ -29,0 +30,2 @@
+its-7941-fix-for-repeated-tags.patch
+CVE-2017-9287.patch
only in patch2:
unchanged:
--- openldap-2.4.31.orig/debian/patches/CVE-2017-9287.patch
+++ openldap-2.4.31/debian/patches/CVE-2017-9287.patch
@@ -0,0 +1,25 @@
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+Index: openldap-2.4.31/servers/slapd/back-mdb/search.c
+===================================================================
+--- openldap-2.4.31.orig/servers/slapd/back-mdb/search.c 2017-05-30 15:21:51.165981041 -0400
++++ openldap-2.4.31/servers/slapd/back-mdb/search.c 2017-05-30 15:21:51.161980993 -0400
+@@ -832,7 +832,8 @@ loop_begin:
+ /* check size limit */
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+- mdb_entry_return( op, e );
++ if (e != base)
++ mdb_entry_return( op, e );
+ e = NULL;
+ send_paged_response( op, rs, &lastid, tentries );
+ goto done;
only in patch2:
unchanged:
--- openldap-2.4.31.orig/debian/patches/its-7941-fix-for-repeated-tags.patch
+++ openldap-2.4.31/debian/patches/its-7941-fix-for-repeated-tags.patch
@@ -0,0 +1,16 @@
+Description: ITS#7941 fix for repeated tags
+Make sure ntags isn't incremented if we're skipping the tag
+Author: Howard Chu
+Origin: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=af8f1e0
+Bug-Ubuntu: https://launchpad.net/bugs/1593378
+---
+--- a/servers/slapd/ad.c
++++ b/servers/slapd/ad.c
+@@ -271,6 +271,7 @@
+
+ if( rc == 0 && (unsigned)optlen == tags[i].bv_len ) {
+ /* duplicate (ignore) */
++ ntags--;
+ goto done;
+
+ } else if ( rc > 0 ||
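Review bot: The new `if (e != base)` guard in front of `mdb_entry_return( op, e )` carries no comment saying why the base entry is exempt, and that reason is the whole double-free fix; I would put `/* e may alias the search base, which is released elsewhere in this function; returning it here frees it twice (ITS#8655) */` above the guard, with the wording to be confirmed because the other release of `base` is not visible in the hunk. The guard also departs from the surrounding style, which writes `if ( ... )` with inner spaces and braces the body: `if ( e != base ) {` / `mdb_entry_return( op, e );` / `}` would match the neighbouring lines. Note that the trigger is fully client-controlled (a Paged Results control with `ps_size` of 0 against a base that matches the filter), so the `e = NULL;` that already follows is what keeps the later cleanup from touching the freed pointer and should stay directly after the guard. The enclosing function starts and ends outside the hunk.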
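Review bot: The added `ntags--;` in the duplicate-tag branch has no explanation, and nothing in this hunk shows where `ntags` was incremented; I would comment it `/* tag is skipped, so undo the count bump made for it earlier */`, wording to be checked against the increment site, which lies outside the hunk. If that increment is not unconditional for every iteration that reaches this branch, the decrement could take `ntags` below zero or desynchronise it from `tags[]`, so it is worth confirming (or asserting) that the two are paired. The Debian changelog attributes the segfault to slap_bv2ad, but the hunk header names no function and both the start and the end of the enclosing function are outside the hunk.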