[Secure-testing-commits] r33912 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Tue Apr 28 15:27:20 UTC 2015
Author: carnil
Date: 2015-04-28 15:27:20 +0000 (Tue, 28 Apr 2015)
New Revision: 33912
Modified:
data/CVE/list
Log:
Update status for CVE-2015-2694/krb5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-04-28 14:42:36 UTC (rev 33911)
+++ data/CVE/list 2015-04-28 15:27:20 UTC (rev 33912)
@@ -1839,11 +1839,15 @@
RESERVED
CVE-2015-2695
RESERVED
-CVE-2015-2694
+CVE-2015-2694 [issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass]
RESERVED
- krb5 <unfixed> (bug #783557)
+ [wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
NOTE: Upstream commit: https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604
+ NOTE: wheezy marked as no-dsa since OTP plugin not present. But the issue
+ NOTE: might affect any out-of-tree plugins with similar bug as the OTP
+ NOTE: has. Thus basicaly only krb5/1.12 is affected.
CVE-2015-2693
RESERVED
CVE-2015-2692
More information about the Secure-testing-commits
mailing list