[Secure-testing-commits] r33912 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Apr 28 15:27:20 UTC 2015


Author: carnil
Date: 2015-04-28 15:27:20 +0000 (Tue, 28 Apr 2015)
New Revision: 33912

Modified:
   data/CVE/list
Log:
Update status for CVE-2015-2694/krb5

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-04-28 14:42:36 UTC (rev 33911)
+++ data/CVE/list	2015-04-28 15:27:20 UTC (rev 33912)
@@ -1839,11 +1839,15 @@
 	RESERVED
 CVE-2015-2695
 	RESERVED
-CVE-2015-2694
+CVE-2015-2694 [issues in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass]
 	RESERVED
 	- krb5 <unfixed> (bug #783557)
+	[wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
 	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
 	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604
+	NOTE: wheezy marked as no-dsa since OTP plugin not present. But the issue
+	NOTE: might affect any out-of-tree plugins with similar bug as the OTP
+	NOTE: has. Thus basicaly only krb5/1.12 is affected.
 CVE-2015-2693
 	RESERVED
 CVE-2015-2692




More information about the Secure-testing-commits mailing list